ISM-1632

Applications, IT equipment, OT equipment and services are chosen from suppliers that have a strong track record of maintaining the security of their own systems and cyber supply chains.

Topic: Cyber supply chain risk management activities
Applicable to: all

History

Jun 2024
Applications, IT equipment, OT equipment and services are chosen from suppliers that have a strong track record of maintaining the security of their own systems and cyber supply chains.
A number of existing controls relating to cyber supply chain risk management activities for ICT equipment were amended to refer to IT equipment and OT equipment.
Dec 2023
Applications, ICT equipment and services are chosen from suppliers that have a strong track record of maintaining the security of their own systems and cyber supply chains.
The existing control relating to applications, ICT equipment and services being chosen from suppliers that have a strong track record of transparency and maintaining the security of their own systems and cyber supply chains was split into two separate controls. [ISM-1632, ISM-1882]
Sep 2022
Applications, ICT equipment and services are chosen from suppliers that have a strong track record of transparency and maintaining the security of their own systems and cyber supply chains.
Language associated with cyber supply chain risk assessments for applications, ICT equipment and services ‘relevant to the security of systems’ was amended to ‘associated with systems’ noting that every part of a system can potentially impact its security risk profile.
Sep 2022
Applications, ICT equipment and services are chosen from suppliers that have a strong track record of transparency and maintaining the security of their own systems and cyber supply chains.
Language associated with ‘suppliers and service providers’ was amended to ‘suppliers’ noting that suppliers have now been defined within the glossary as encompassing application developers, ICT equipment manufacturers, service providers and other organisations involved in distribution channels.
Sep 2022
Applications, ICT equipment and services are chosen from suppliers that have a strong track record of transparency and maintaining the security of their own systems and cyber supply chains.
The cyber supply chain risk management recommendations covering components and services were amended to applications, ICT equipment and services.
Mar 2022
Components and services relevant to the security of systems are chosen from suppliers and service providers that have a strong track record of transparency and maintaining the security of their own systems and cyber supply chains.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Dec 2020
Components and services relevant to the security of systems are chosen from suppliers and service providers that have a strong track record of transparency and maintaining the security of their own systems, services and cyber supply chains.
Security control 1632 was introduced to cover the second part of the previous revision of security control 1568, the use of suppliers and service providers that have a strong track record of maintaining the security of their systems and services. In addition, references to transparency of security by suppliers and service providers, as well as the management of their own cyber supply chains, were included.