Better hardware supply chain risk evaluations sought by new CISA framework
SiliconAngle reports that mounting cybersecurity threats against the hardware supply chain have prompted the Cybersecurity and Infrastructure Security Agency to unveil a new framework aimed at bolstering risk assessment and mitigation in the supply chain.
The Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management, developed by the Information and Communications Technology Supply Chain Risk Management (ICT SCRM) Task Force, integrates several components: one that details possible use cases for HBOMs depending on the evaluated risk, a format for maintaining consistency in HBOM production and utilization, and a data field taxonomy that offers input and component attributes in HBOMs.
"This methodology gives organizations a useful tool to evaluate supply chain risks with a consistent and predictable structure for a variety of use cases," said ICT SCRM Task Force co-chair John Miller.
Cybersecurity experts have expressed support for the new framework, with HackerOne Lead Security Technologist Kayla Underkoffler noting the additional transparency it offers.