Applications, IT equipment, OT equipment and services are chosen from suppliers that have demonstrated a commitment to the security of their products and services.
Topic
Cyber supply chain risk management activities
Applicable to
all
History
Jun 2024
Applications, IT equipment, OT equipment and services are chosen from suppliers that have demonstrated a commitment to the security of their products and services.
A number of existing controls relating to cyber supply chain risk management activities for ICT equipment were amended to refer to IT equipment and OT equipment.
Mar 2023
Applications, ICT equipment and services are chosen from suppliers that have demonstrated a commitment to the security of their products and services.
An existing control relating to choosing applications, ICT equipment and services from ‘suppliers that have made a commitment to the security of their products and services’ was amended to ‘suppliers that have demonstrated a commitment to the security of their products and services’.
Sep 2022
Applications, ICT equipment and services are chosen from suppliers that have made a commitment to the security of their products and services.
Language associated with cyber supply chain risk assessments for applications, ICT equipment and services ‘relevant to the security of systems’ was amended to ‘associated with systems’, noting that every part of a system can potentially impact its security risk profile.
Sep 2022
Applications, ICT equipment and services are chosen from suppliers that have made a commitment to the security of their products and services.
The cyber supply chain risk management recommendations covering components and services were amended to applications, ICT equipment and services.
Mar 2022
Components and services relevant to the security of systems are chosen from suppliers and service providers that have made a commitment to secure-by-design principles, secure programming practices and maintaining the security of their products.
The recommendation to choose components and services relevant to the security of systems from suppliers and service providers that have made a commitment to secure-by-design practices has been amended to suppliers and service providers that have made a commitment to secure-by-design principles, secure programming practices and maintaining the security of their products.
Dec 2020
Components and services relevant to the security of systems are chosen from suppliers and service providers that have made a commitment to secure-by-design practices.
Security control 1568 was amended to focus on the use of suppliers and service providers that have made a commitment to secure-by-design practices as part of the procurement of components and services relevant to the security of systems.
Nov 2020
Outsourced information technology and cloud services are chosen from service providers that have made a commitment to secure practices and have a strong track record of maintaining the security of their systems and services.
Jul 2020
Outsourced information technology and cloud services are chosen from service providers that have made a commitment to secure practices and have a strong track record of maintaining the security of their systems and services.
Security control 1568 was introduced to provide guidance on cyber supply chain risk management activities when choosing service providers for outsourced information technology and cloud services.