Quick Tutorial: Supply Chain Security
ISO/IEC 20243 provides a guideline document/standard for supply chain security, if applied, helps in mitigating risks of acquiring counterfeit and malicious products by manufacturers. Counterfeit products are developed by others but acquired as legitimate, while malicious products are developed by the genuine manufacturer but tampered with maliciously and acquired through the provider’s authorized channel. This article will walk through a high-level checklist applicable for companies to get some assurance of supply chain security.
Below is the high-level checklist that is helpful to have a quick overview to achieve supply chain security:
- The product design process should be formally defined and documented.
- Existence of configuration management to develop the product. It helps in tracking change in the development of a product.
- A mature and documented process is used to develop a product.
- Adequately defined Quality Management (QM) system available to develop secure products.
- Support of product for the management of patches and defects of products.
- Run-time Protection Techniques should be implemented to protect code against null pointers, buffer overflow, etc.
- Threat Analysis and possible mitigation techniques should be employed.
- Vulnerability analysis and techniques should be identified.
- Patch management and remediation mechanisms should be implemented.
- Follow secure engineering practice related to authentication, hardware design security, use of an appropriate flag, etc.
- Implementation of physical security for the development and supply chain of a product.
- Implementation of access control for intellectual property-related aspects of the product.
- Ensure security and integrity of employee and supplier by background check
- Provide training to improve security awareness in transmission and handling controls among personnel.
- Mitigate counterfeit components and proper disposal procedures upon the end of life should be employed.
- Identification and implementation of malware detection tools in the product development life cycle.
Implementation of ISO/IEC 20243 by an organization helps in achieving supply chain security. This standard provides practical guidelines, requirements, and recommendations by reducing the risk of acquiring maliciously tainted or counterfeit products in a supply chain.
- ISO/IEC 20243-1:2018 - Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Mitigating maliciously tainted and counterfeit products
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.