The recently released SCS 9001 supply chain security standard offers a comprehensive, auditable and verifiable solution to help meet the goals of international government initiatives aimed at improving global cybersecurity, according to the Telecommunications Industry Association (TIA).
TIA has released the first two of a series of Technical Bulletins to show how the recently released SCS 9001 Supply Chain Security Standard can be a global resource to help both governments and businesses improve the information communications technology (ICT) industry’s supply chain security. TIA analyzed the key requirements of recent government-led initiatives and provided details on how the SCS 9001 standard certification would help meet the key goals for each initiative.
These first Technical Bulletins from TIA focus on how SCS 9001 enables the desired results of two recent government-led initiatives: U.S. Executive Order 14028 and the United Kingdom’s National Cyber Security Centre’s Ten Steps to Cyber Security. Additional Technical Bulletins are coming soon, including analyses of how the new standard would have performed against supply chain-based breaches like the “Log4Shell” attack via Apache Log4j and the “Sunburst” attack on SolarWinds.
“Security must be built in rather than bolted on and must be an integral part of the product and system design process,” said Mike Regan, vice president of business performance at TIA. “By adding definition and clarity to the requirements needed to attain supply chain security, we are now able to measure performance and verify achievement against a comprehensive set of controls that will help mitigate the complex supply chain breaches and attacks that continue to plague organizations and concern governments.”