
Better hardware supply chain risk evaluations sought by new CISA framework

SiliconAngle reports that mounting cybersecurity threats against the hardware supply chain have prompted the Cybersecurity and Infrastructure Security Agency to unveil a new framework aimed at bolstering risk assessment and mitigation in the supply chain. Several components have been integrated into the Hardware Bill of Materials Framework for Supply Chain Risk Management developed by the Information and Communications Technology Supply Chain Risk Management Task Force, including one that details possible use cases for HBOMs depending on the evaluated risk, a format for maintaining consistency in HBOM production and utilization, and a data field taxonomy that offers input and component attributes in HBOMs. "This methodology gives organizations a useful tool to evaluate supply chain risks with a consistent and predictable structure for a variety of use cases," said ICT SCRM Task Force co-chair John Miller. Cybersecurity experts have expressed support for the new framework, with HackerOne Lead Security Technologist Kayla Underkoffler noting the additional transparency offered by the framework.
