NIST.SP.800-161


Special Publication 800-161

Supply Chain Risk Management Practices for Federal Information Systems and Organizations

List of Figures and Tables

Figure 1-1: Four Pillars of ICT SCRM ........ 4
Figure 1-2: Federal Agency Relationships with System Integrators, Suppliers, and External Service Providers with Respect to the Scope of NIST SP 800-161 ........ 5
Figure 1-3: ICT Supply Chain Risk ........ 7
Figure 1-4: An Organization's Visibility, Understanding, and Control of Its ICT Supply Chains ........ 8
Figure 1-5: ICT SCRM Security Controls in NIST SP 800-161, Chapter 3.5 ........ 14
Figure 2-1: Risk Management Process ........ 16
Figure 2-2: Multitiered Organization-Wide Risk Management ........ 18
Figure 2-3: ICT SCRM Risk Management ........ 22
Figure 2-4: ICT SCRM Activities in Risk Management Process ........ 23
Figure 2-5: ICT SCRM in the Frame Step ........ 25
Figure 2-6: ICT SCRM in the Assess Step ........ 34
Figure 2-7: ICT SCRM in the Respond Step ........ 41
Figure 2-8: ICT SCRM in the Monitor Step ........ 46
Figure 3-1: ICT SCRM Security Controls in NIST SP 800-161, Chapter 3.5 ........ 50
Figure D-1: Sample Threat Scenario Analysis Framework ........ D-4
Figure E-1: ISO/IEC 15288 Life Cycle Processes ........ E-1
Figure E-2: ICT SCRM Plan and Life Cycles ........ E-2
Figure E-3: Agency Implementation of ICT SCRM Plan ........ E-7

Table 2-1: Supply Chain Risk Management Stakeholders ........ 19
Table 2-2: Examples of ICT Supply Chain Threat Agents ........ 27
Table 2-3: Supply Chain Threat Considerations ........ 28
Table 2-4: Supply Chain Vulnerability Considerations ........ 29
Table 2-5: Supply Chain Constraints ........ 31
Table 2-6: Examples of ICT Supply Chain Vulnerabilities Mapped to the Organizational Tiers ........ 38
Table 2-7: ICT SCRM Plan Controls at Tiers 1, 2, and 3 ........ 45
Table 3-2: ICT SCRM Control Format ........ 53
Table A-1: ICT SCRM Control Summary ........ A-1
Table C-1: Adversarial ICT Supply Chain Threat Events ........ C-1
Table C-2: Non-Adversarial ICT Supply Chain Threat Events ........ C-6

Page vii
