CISA Releases Small and Medium Business Supply Chain Resilience Guide
The Cybersecurity and Infrastructure Security Agency (CISA) recently released a new resource guide aimed at helping small and medium-sized businesses develop supply chain resilience plans. The goal of the guide is “to ensure the availability, integrity, and confidentiality of ICT products, services, and components throughout the supply chain while minimizing disruptions and vulnerabilities”. The guide seeks to do this by helping private and public sector stakeholders create an efficient and effective supply chain risk management (SCRM) plan. Below is a summary of the eight-step plan for developing an SCRM plan:
1. Executive Summary (Objective of your SCRM).
2. Identify critical suppliers.
3. Identify supply chain risks to your critical assets.
4. Implement supplier diversity.
5. Develop a vendor attestation process.
6. Develop a contingency plan.
7. Train your employees.
8. Continuously monitor and improve.
The full guide and additional information can be found here.