The Telecommunications Industry Association (TIA) released the first two of a series of technical bulletins that examine how the recently released SCS 9001 supply chain security standard offers a comprehensive, auditable and verifiable solution to help meet the goals of international government initiatives aimed at improving global cybersecurity.
The new documents come after TIA submitted 15 pages of comments this week in response to the National Institute of Standards and Technology (NIST) request for information on updating the Cybersecurity Framework and Cybersecurity Supply Chain Risk Management.
The purpose of the new bulletins is to show how the recently released SCS 9001 Supply Chain Security Standard can be a global resource to help both governments and businesses improve the supply chain security of the information and communications technology (ICT) industry. TIA analyzed the key requirements of recent government-led initiatives and provided details on how SCS 9001 certification would help meet the key goals of each initiative.
“This is a critical time for our industry as governments worldwide are leaning toward a more prescriptive approach to deal with the threat landscape that surrounds our global networking technology supply chains,” said TIA CEO David Stehlin. “Using TIA QuEST Forum’s proven methodology for continuous improvement, through certified verification and benchmarking results, industry and governments can work together to improve the security of ICT products and services. SCS 9001 brings value to networks and critical ICT infrastructure of all types while also demonstrating to governments that industry can operationalize their guidelines.”
These first bulletins from TIA focus on how SCS 9001 enables the desired results of two recent government-led initiatives: U.S. Executive Order 14028 and the United Kingdom’s National Cyber Security Centre’s Ten Steps to Cyber Security. Additional technical bulletins are coming soon, including analyses of how the new standard would have performed against supply chain-based breaches like the “Log4Shell” attack via Apache Log4j and the “Sunburst” attack on SolarWinds.
“Security must be built in rather than bolted on and must be an integral part of the product and system design process,” said Mike Regan, vice president of business performance at TIA. “By adding definition and clarity to the requirements needed to attain supply chain security, we are now able to measure performance and verify achievement against a comprehensive set of controls that will help mitigate the complex supply chain breaches and attacks that continue to plague organizations and concern governments.”
Find the bulletins here.