Bottom Line Up Front:

Understanding your digital supply chain risk is becoming one of the significant challenges many businesses face today, especially with the move to the cloud and globalization of the computing behind those services. Recommendations on addressing the additional detailing of the supply chain, which might be part of any significant applications

• Ensure that COTS/Third Party Suppliers/SaaS are documented on the security context diagram, threat model, CMDB, and any other sources of record, as well as potential platforms which might support them as part of their digital supply chain

• Ensuring that these dependencies are captured will help to identify supply chain risks better, threat model potential mitigations for them, as well as a myriad of other detection and response activities

Overview of Supply Chain Risk

An organization’s understanding of the supply chain risk of any given system can vary based on the number of integrators or suppliers a company might use to generate i…