How Effective Are the Critical Technology Supply Chain Principles by the Australian Government

BACKGROUND:

The Australian Government released the Critical Technology Supply Chain Principles this week. Below is commentary from information security experts.

Reinhart Hansen, Asia Pacific and Japan CTO
InfoSec Expert
November 16, 2021 12:38 pm

In the US, the National Institute of Standards and Technology (NIST) has recognised that many security controls fail to address the challenge of mitigating software supply chain attacks. It determined that only runtime protection prevents these stealthy attacks and recommends Runtime Application Self-Protection (RASP) (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf) as a control to respond to emerging threats from the software supply chain. If the Australian Government wants to further mitigate supply chain risk, it should consider adding RASP as a control in existing advice issued by the ACSC such as the Information Security Manual (ISM), the Cyber Supply Chain Risk Management Framework, or the Essential Eight.