Nowadays, various standards are being used to assess and even certify the security and resilience of companies all around the world. However, as most of them focus on IT and OT-related aspects, supply chain security is often forgotten or not given enough attention. This paper aims to address this limitation by using systematic mappings between four security standards, namely the ISO/IEC 27000 family, the NIST Cyber Security Framework (NIST CSF), the NIST SP 800-53 and NIST SP 800-82 standard, and the NIST SP 800-161 standard, which is dedicated to supply chain security, to determine the current state of supply chain security coverage. The results indicate that no standard covers even 50% of the baseline security aspects.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Exposing the Gaps: The State of Supply Chain Coverage in Current Security Standards

  • Nico Mexis,
  • Bjarne Lill,
  • Yousef Doleh,
  • Stefan Katzenbeisser

摘要

Nowadays, various standards are being used to assess and even certify the security and resilience of companies all around the world. However, as most of them focus on IT and OT-related aspects, supply chain security is often forgotten or not given enough attention. This paper aims to address this limitation by using systematic mappings between four security standards, namely the ISO/IEC 27000 family, the NIST Cyber Security Framework (NIST CSF), the NIST SP 800-53 and NIST SP 800-82 standard, and the NIST SP 800-161 standard, which is dedicated to supply chain security, to determine the current state of supply chain security coverage. The results indicate that no standard covers even 50% of the baseline security aspects.