Cyber supply chain risk management

Further information on cyber supply chain risk management can be found in the following Australian Signals Directorate (ASD) publications:

• Choosing secure and verifiable technologies: Executive guidance
• Choosing secure and verifiable technologies
• Cyber supply chain risk management
• Identifying cyber supply chain risks.

Further information on cyber supply chain risk management can also be found in the following publications:

• Canada’s Canadian Centre for Cyber Security’s Cyber supply chain: An approach to assessing risk
• New Zealand’s National Cyber Security Centre’s Supply Chain Cyber Security: In Safe Hands
• United Kingdom’s National Cyber Security Centre’s Supply chain security guidance
• United States’ Cybersecurity & Infrastructure Security Agency’s Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.

Further information on cyber supply chain risk management can also be found on the United States’ Cybersecurity & Infrastructure Security Agency’s ICT Supply Chain Resource Library website.

Further information on cyber supply chain integrity can be found in National Institute of Standards and Technology Special Publication 800-161 Rev. 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.

Further information on outsourced products and services can be found in the Department of Home Affairs’ Protective Security Policy Framework.

Further information on the procurement and use of evaluated operating systems, applications and IT equipment can be found in the ‘Evaluated product procurement’ and ‘Evaluated product use’ sections of the Guidelines for evaluated products.

Further information on suppliers that have made a pledge to implement Secure by Design and Secure by Default principles and practices can be found on the United States’ Cybersecurity & Infrastructure Security Agency’s Secure by Design Pledge website.