Читать книгу The Official (ISC)2 CISSP CBK Reference - Leslie Fife, Aaron Kraus - Страница 168

The U.K. National Cyber Security Centre (NCSC) proposed guidance that attempts to provide organizations with improved awareness of supply chain risks, while also establishing 12 principles intended to help organizations establish and maintain effective control of their supply chain. The 12 supply chain principles are divided into these separate stages:

1 Understand the risks: The principles in this stage involve identifying your vendors in your supply chain and establishing what needs to be protected in that supply chain (and why).

2 Establish control: This stage involves establishing minimum security requirements (see the earlier section “Minimum Security Requirements”) and communicating your security expectations to your suppliers.

3 Check your arrangements: This stage involves establishing assurance activities and building those into your supply chain processes. This includes establishing audit rights, key performance indicators, and other testing/validation activities.

4 Continuous improvement: This stage involves continually building trust with your suppliers and constantly encouraging security improvements for your supply chain.