Supply Chain Risk Management : Applying Secure Acquisition Principles to Ensure a Trusted Technology Product

The book presents the concepts of ICT supply chain risk management from the perspective of NIST IR 800-161. It covers how to create a verifiable audit-based control structure to ensure comprehensive security for acquired products. It explains how to establish systematic control over the supply chain and how to build auditable trust into the products and services acquired by the organization. It details a capability maturity development process that will install an increasingly competent process and an attendant set of activities and tasks within the technology acquisition process. It defines a complete and correct set of processes, activities, tasks and monitoring and reporting systems.

• Presents the concepts of ICT supply chain risk management from the perspective of NIST IR 800-161.
• Covers how to create a verifiable audit-based control structure to ensure comprehensive security for acquired products
• Explains how to establish systematic control over the supply chain and how to build auditable trust into the products and services acquired by the organization
• Details a capability maturity development process that will install an increasingly competent process and an attendant set of activities and tasks within the technology acquisition process
• Defines a complete and correct set of processes, activities, and tasks as well as monitoring and reporting systems.

Preface

Chapter 1 : What Product Risk Is and Why It Needs to be Managed
Chapter 2 : The Three Constituencies of Product Trust
Chapter 3 : Building a Standard Acquisition Infrastructure
Chapter 4 : Risk Management in the ICT Product Chain
Chapter 5 : Control Formulation and Implementation
Chapter 6 : Control Sustainment and Operational Assurance
Chapter 7 : A Capability Maturity Model for Secure Product Acquisition

Index