Скачать или смотреть GRC | NIST 800-161 Cybersecurity Supply Chain ​Risk Management Practices for Systems & Organizations

GRC | NIST 800-161 Cybersecurity Supply Chain ​Risk Management Practices for Systems & Organizations

Cybersecurity Supply Chain Risk Management (C-SCRM) is a systematic process for managing exposure to cybersecurity risks throughout the supply chain and developing appropriate response strategies, policies, processes, and procedures. The purpose of this publication is to provide guidance to enterprises on how to identify, assess, select, and implement risk management processes and mitigating controls across the enterprise to help manage cybersecurity risks throughout the supply chain. The content in this guidance is the shared responsibility of different disciplines with different SCRM perspectives, authorities, and legal considerations. This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-1... The C-SCRM guidance provided in this document is not one-size-fits-all. Instead, the guidance throughout this publication should be adopted and tailored to the unique size, resources, and risk circumstances of each enterprise. Enterprises adopting this guidance may vary in how they implement C-SCRM practices internally. To that end, this publication describes C-SCRM practices observed in enterprises and offers a general prioritization of C-SCRM practices (i.e., Foundational, Sustaining, Enabling)4 for enterprises to consider as they implement and mature C-SCRM. However, this publication does not offer a specific roadmap for enterprises to follow to reach various states of capability and maturity. The processes and controls identified in this document can be modified or augmented with enterprise-specific requirements from policies, guidelines, response strategies, and other sources. This publication empowers enterprises to develop C-SCRM strategies tailored to their specific mission and business needs, threats, and operational environments.