ISM-1631

Suppliers of applications, IT equipment, OT equipment and services associated with systems are identified.

Topic: Cyber supply chain risk management activities
Applicable to: all

History

Jun 2024
Suppliers of applications, IT equipment, OT equipment and services associated with systems are identified.
A number of existing controls relating to cyber supply chain risk management activities for ICT equipment were amended to refer to IT equipment and OT equipment.
Dec 2022
Suppliers of applications, ICT equipment and services associated with systems are identified.
The existing control relating to identifying and understanding all applications, ICT equipment and services associated with systems was amended to focus on identifying the suppliers of applications, ICT equipment and services associated with systems.
Sep 2022
Applications, ICT equipment and services associated with systems are identified and understood.
Language associated with cyber supply chain risk assessments for applications, ICT equipment and services ‘relevant to the security of systems’ was amended to ‘associated with systems’, noting that every part of a system can potentially impact its security risk profile.
Sep 2022
Applications, ICT equipment and services associated with systems are identified and understood.
The cyber supply chain risk management recommendations covering components and services were amended to applications, ICT equipment and services.
Dec 2020
Components and services relevant to the security of systems are identified and understood.
Security control 1631 was introduced to capture the first stage of cyber supply chain risk assessments – the identification of components and services that are relevant to the security of systems. This security control forms the basis for security controls to follow.