This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.

Supply Chain Management

From attackics
Jump to navigation Jump to search
Supply Chain Management
Mitigation
ID M0817
NIST SP 800-53 Rev. 4 SA-12

Description

Implement a supply chain management program, including policies and procedures to ensure all devices and components originate from a trusted supplier and are tested to verify their integrity.


Techniques Addressed by Mitigation

NameUse
Supply Chain CompromiseA supply chain management program should include methods the assess the trustworthiness and technical maturity of a supplier, along with technical methods (e.g., code-signing, bill of materials) needed to validate the integrity of newly obtained devices and components. Develop procurement language that emphasizes the expectations for suppliers regarding the artifacts, audit records, and technical capabilities needed to validate the integrity of the device’s supply chain.1


References

  1. ^  Robert A. Martin. (2021, January). TRUSTING OUR SUPPLY CHAINS: A COMPREHENSIVE DATA-DRIVEN APPROACH. Retrieved April 12, 2021.

Retrieved from "https://collaborate.mitre.org/attackics/index.php?title=Mitigation/M0817&oldid=9260"