In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing NIST and other government guidelines and frameworks.
Enhancing its predecessor, the SCS 9001 2.0 standard presents a more comprehensive global cybersecurity and supply chain security framework adaptable to various communication networks across industries and sectors.
SCS 9001 2.0 expands upon the prior release, SCS 9001, with improved coverage for hardware provenance and development, cloud-based services, procurement, and shipping/logistics as primary examples.
Additional improvements have been made for certain government initiatives such as secure software development, cyber and supply chain security risk management, and creation of bills of materials.
SCS 9001 2.0 aligns with the Annex SL format for ease of creating integrated management systems with other complementary standards.
Even with current initiatives of re-shoring or near-shoring, modern supply chains in the ICT industry are global in nature with materials and software components traversing many national boundaries.
SCS 9001 2.0 is designed as a global standard without national or regional biases to promote global adoption.
Considering the global nature of ICT supply chains, SCS 9001 2.0 includes requirements for procurement, shipping, and logistics to reduce the potential for tampering or insertion of fraudulent or tainted components in the supply chain.
From its conception, SCS 9001 has had a focus on supply chain security for the ICT industry.
That said, SCS 9001 can be used in harmony with other popular standards, each with its own primary focus, to deliver the requisite set of broader protections.
The ability to provide evidence of the origin of every software and hardware component used in a product is one of the most important and difficult goals in improving supply chain security.
Manufacturers must be able to demonstrate complete control of their supply chains with bills of material demonstrating the origin and versions of every software and hardware component used in their products.
To address this challenge, innovative software companies have emerged, developing tools that automate and support the requirements of provenance as outlined in SCS 9001 2.0.
TIA, with the help of its Government Advocacy team, keeps a close eye on global government activities and initiatives that aim to introduce guidance, if not new legislation, to promote enhanced cyber and supply chain security.
As the SCS 9001 standard evolves, it will continue to be improved to support these activities, providing a certifiable standard that can be used to operationalize and demonstrate alignment with government initiatives and newly implemented regulatory powers.
The National Telecommunications and Information Administration recently adopted a measure that includes new cybersecurity and supply chain risk management requirements in the rules for the U.S. Department of Commerce's $42.5 billion Broadband Equity, Access, and Deployment program.
Internationally, Costa Rica became the first government in Latin America to mandate that vendors certify to the TIA SCS 9001 standard following a disruptive attack on its critical network infrastructure in 2022.
SCS 9001 2.0 is the result of the contributions and expertise of numerous subject matter experts from diverse organizations.
Contributors to SCS 9001 2.0 include professionals responsible for leadership, security, quality, network design, engineering, product testing, purchasing, and logistics.
SCS 9001 2.0 goes beyond traditional public service providers and delivers benefits to operators of various modern networks, such as cloud platforms, data centers, IoT, satellite communications, and enterprises.
This article was published on www.helpnetsecurity.com. Publication date: Mon, 11 Dec 2023 05:43:05 +0000