Who do you do business with, associate with, outsource to, and share information with? How can those relationships hurt you, and how can relying on them in a critical moment impact your mission? Will their security posture save you from peril or kick you while you’re down? How many of your partners, vendors, and suppliers are soft targets that can serve as vectors for attacking you from a trusted source? These issues are coming to the forefront more and more.
To address these issues, just this summer, NIST released the second draft of its related publication, NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations.
There have already been many workshops and events in Washington DC this year on supply chain risk management (SCRM) and, even as I write this, another is underway this week in McLean, VA: the Winter 2014 Software and Supply Chain Assurance Working Group, involving NIST, DHS, MITRE and the usual cast of federal players and vendors.
The NIST Cybersecurity Framework (CSF) was written to help the critical infrastructure sectors. Although it was intended to foster, build, and manage a comprehensive cybersecurity program, it has drawn increasing attention as a way for organizations to share information about their security posture with their partners and vendors, and within their own organization.
I did a webcast earlier this year on Vendor and Supply Chain Management with my colleague, Marshall Toburen, that goes further into this topic, especially focusing on how it applies to the federal community. And if you’re more interested in the private sector perspective, here are several recent related posts from teammates: here, here, here, and here.
Now, for the good news:
In Gartner’s latest IT Vendor Risk Management Magic Quadrant, analysts Christopher Ambrose, Kris Doering, and Gayla Sullivan evaluated 10 enterprise-class IT Vendor Risk Management solutions.
As you can see in the report, RSA Archer is again ahead of the pack, something we’re very proud of. We use these analyses, along with input from our customers, prospects, and working group members, to continually improve. If you are interested in seeing a demo or being a member of the Vendor Management working group, please feel free to contact email@example.com.
Thanks for reading. As always, email me with questions or comments.
@chrish00ver on Twitter