Increasing cyberattacks against the supply chain have prompted the National Institute of Standards and Technology to unveil updated cybersecurity guidance for supply chain risk management, The Hacker News reports.
The guidance gives organizations security control and practice recommendations for identifying, evaluating, and responding to supply chain risk. Besides detailing processes for dealing with potentially malicious functionality, it also expounds on how to manage third-party software vulnerabilities, counterfeit hardware, and subpar manufacturing and development practices. "It encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components which may have been developed elsewhere and the journey those components took to reach their destination," said NIST. NIST's Jon Boyens emphasized the continuous need for supply chain cybersecurity management. "If your agency or organization hasn't started on it, this is a comprehensive tool that can take you from crawl to walk to run, and it can help you do so immediately," Boyens said.
Data belonging to 4,961 current and former Okta employees, including names, health insurance plan numbers, and Social Security numbers, was compromised following a breach at its third-party vendor Rightway Healthcare, reports The Register.