New MITRE Framework For Supply Chain Security

By   ISBuzz Team
Writer , Information Security Buzz | May 22, 2022 12:45 pm PST

It has been reported that MITRE has built a prototype framework for information and communications technology (ICT) that defines and quantifies risks and security concerns over the supply chain – including software. MITRE’s so-called System of Trust (SoT) prototype framework is, in essence, a standard methodology for evaluating suppliers, supplies, and service providers.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Curtis Simpson
Curtis Simpson , Chief Information Security Officer
May 22, 2022 8:45 pm

Supply chain risk is higher than ever but as a security community, we’ve relied far too heavily on questionnaires and “blind” 3rd party risk assessment platforms. The sheer level of resources from the customer and vendor security communities creating, answering, and reviewing questionnaires answered by people and tools is not improving security but rather, further impacting our staffing challenges. We need a common standard that 3rd parties (like us) can build to and evidence accordingly such that public and private sector operations consuming technologies and services can rapidly assess and consume with confidence. This is that standard and, from an entity that we already trust to build and measure effective programs that deliver material benefits to the operations that we’re protecting. This will be rapidly adopted and in turn, will enable our ability to select and consume the right technologies and services with confidence while returning resources on both sides of the equation to further optimize the security of products and programs.

Last edited 1 year ago by Curtis Simpson

Recent Posts

Would love your thoughts, please comment.x