Scrm 2.0: 21st Century Supply Chain Risk Management Solutions

In this 2021 re-release of the SCRM 2.0, there has been added clarification of control implementation. NIST SP 800-161 controls are critical to a successful Supply Chain Risk Management process, vital to ensuring that hardware, software, and services are equally vetted to ensure that supply chain elements are free from defect, counterfeit, or fraud. This update is designed to provide greater clarity needed to ensure an active defensive posture by public and private sector organizations.Welcome to the next iteration of SCRM. Based on a detailed explanation of current threats and application of NIST SP 800-161.

From the internationally acclaimed cybersecurity leader, Dr. Russo provides two distinct NIST 800-161, "Supply Chain Risk Management Practices for Federal Information Systems and Organizations," approaches to resolve the modern day challenge of SCRM. The solutions, while similar, provide a 21st Century resolution to better approach in a systematic way to prevent compromises to the US and global IT supply chain.The use of varied supply chain attacks by cyber attackers to access, for example, software development infrastructures have been major vectors of concerns for governments as well as the private sector. These attacks typically include targeting publicly connected software "build, test, update servers," and other portions of a software development environment. Nation-state agents can then inject malware into software updates and subsequent releases have far-ranging impacts to the IT supply chain
the challenge continues to grow.SCRM 1.0 is a concept for establishing an effective and repeatable process that can be applied against standard supply chain components such as hardware, firmware, software, etc.

Dr. Russo introduces SCRM 2.0, much like SCRM 1.0 (Product-based approach), the need is to turn to a much more precarious aspect of SCRM. We must consider the service piece of SCRM that includes the people, companies, and organizations along the supply chain that may also be compromised within the global marketing of IT equipment and capabilities. This is the next most significant issue facing the field of cybersecurity protection in the 21st Century. This updated version updates content for the reader and adds more clarity on the topic of SCRM in 2020.