A software supply chain attack occurs when an attacker infiltrates a software vendor's network and inserts malicious code before the software is passed along to customers, or delivers the malicious code through a patch or hotfix.
"An attack can affect all users of the compromised software and can have widespread consequences for government, critical infrastructure, and private sector software customers," said the report.
"Depending on the threat actor's intent and capability, this additional malware may allow the threat actor to conduct various malicious activities that may include performing data or financial theft, monitoring organisations or individuals, disabling networks or systems, or even causing physical harm or death," said the report.
NIST recommends the following steps. First, identify the key mission or business processes and maintain an inventory of the organisation's current and future software licences. Next, research and document how each software licence is supported by its supplier, and understand how the software supports and relates to the key processes documented. Lastly, document a plan to address the problem.
NIST also suggests eight key practices for establishing a cyber supply chain risk management (C-SCRM) approach for software. First, integrate C-SCRM across the organisation, establish a formal C-SCRM programme, and manage critical components and suppliers. Next, understand the organisation's supply chain, closely collaborate with key suppliers, and include key suppliers in resilience and improvement activities. Lastly, assess and monitor throughout the supplier relationship, and plan for the full lifecycle.
Source: HKSG / Photo: PNGEgg.