NIST SP 800-161 Revision 1 recommends three levels of supply chain security strategies. Essential practices include creating a Program Management Office for cybersecurity supply chain risk management (C-SCRM), developing incident management measures and requiring suppliers to identify vulnerabilities. Sustaining practices involve incorporating C-SCRM requirements into supplier contracts. Enhancing practices include using automation and metrics for better C-SCRM management. Guidelines from CISA, NSA and ODNI also suggest that software suppliers provide a software bill of materials and verify it against known vulnerability databases.

Network-level risk management key to medical device security
In today’s healthcare, medical devices are crucial but vulnerable, as noted by the European Commission’s NIS2 directive. To combat cybersecurity threats, Palo Alto Networks has