Applications, IT equipment, OT equipment and services are chosen from suppliers that have demonstrated a commitment to transparency for their products and services.
Topic
Cyber supply chain risk management activities
Applicable to
all
History
Jun 2024
Applications, IT equipment, OT equipment and services are chosen from suppliers that have demonstrated a commitment to transparency for their products and services.
A number of existing controls relating to cyber supply chain risk management activities for ICT equipment were amended to refer to IT equipment and OT equipment.
Dec 2023
Applications, ICT equipment and services are chosen from suppliers that have demonstrated a commitment to transparency for their products and services.
The existing control relating to applications, ICT equipment and services being chosen from suppliers that have a strong track record of transparency and maintaining the security of their own systems and cyber supply chains was split into two separate controls. [ISM-1632, ISM-1882]