CSPs can assess the baseline risk factors defined in NIST SP 800-161, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, Appendix E Table E-1. CSPs will need to work with their vendors to gain access to the necessary documentation that the CSP can review to determine whether the vendor is in alignment with NIST 800-171 or equivalent framework. That may be an internal assessment performed by the supplier, a third-party, or in support of a framework such as PCI or ISO/IEC 27001 and others.
Comments
0 comments
Please sign in to leave a comment.