acm-header
Sign In

Communications of the ACM

ACM News

New Supply Chain Security Standard for ICT


A representation of the digital aspects of supply chains.

TIA will provide organizations that leverage the new SCS 9001 standard with anonymized quarterly and annual security benchmark reports to track their performance against the industry’s best, worst, and average results.

Credit: Telecommunications Industry Association

The Telecommunications Industry Association announced the release of the world's first supply chain security standard, SCS 9001™, developed specifically for the information and communications technology (ICT) industry. SCS 9001 is relevant for all ICT industry products, including software, hardware, and the services that connect to our global networks.

The objective of SCS 9001 is to verify end-to-end cyber and physical security across ICT network infrastructure. To accomplish this, SCS 9001 was created as a process-based standard with an independent audit and certification program for suppliers and service providers to verify that critical security controls and processes are in place for their products and solutions. The new standard is unique because it is built around a Quality Management System (QMS) which operationalizes industry guidelines and best practices, such as ISO 27001, the Prague Proposals, relevant NIST standards, and the CSIS Criteria for Security and Trust.

"Our global community depends on connectivity and while technology continues to outpace security, we now have a process-based, verifiable standard to significantly mitigate threats to the ICT supply chain," said David Stehlin, CEO of TIA. "We thank the members of our industry Working Group and all those who contributed to this important standard. Two years ago, they set an aggressive timeline to develop this critical new standard to help make our networks more secure and address the global rise in supply chain breaches; and today, we are proud to release SCS 9001."

SCS 9001 was officially approved for release on 31 December 2021 after 20 months of work by TIA's QuEST Forum Supply Chain Security Working Group and its subcommittees of dedicated industry technology and security experts. The final stages of the development process included an invitation for feedback and comments on the draft standard to over 90 companies and governments worldwide. This generated nearly 500 different comments that have all been reviewed and addressed by the Working Group.

From Telecommunications Industry Association
View Full Article

 


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account