Proposing a series of 12 principles, designed to help you establish effective control and oversight of your supply chain.
The guidance will give organisations an improved awareness of supply chain security, and will help to raise the baseline level of competence in this area through the continued adoption of good practice. Whilst beneficial, this guidance has not been written for organisations with national security (high assurance) requirements.
Most organisations rely upon suppliers to deliver products, systems and services. You probably have a number of suppliers yourself; it's how we do business.
But supply chains can be large and complex, involving many suppliers doing many different things. Securing the supply chain effectively can be hard, because vulnerabilities can be inherent, or introduced and exploited, at any point in the chain. A vulnerable supply chain can cause damage and disruption.
Despite these risks, many companies lose sight of their supply chains. In fact, according to the , very few UK businesses set minimum security standards for their suppliers.
A series of high-profile, very damaging attacks on companies has demonstrated that attackers have both the intent and the ability to exploit weaknesses in supply chain security. This trend is real and growing, so the need to act is clear.
Cyber Essentials certification provides a tangible, efficient way for organisations to gain assurance that their suppliers, or other third parties, have effectively implemented fundamental technical controls and are protected from the majority of untargeted, commodity attacks. Please refer to the
have been designed to help you gain and maintain the necessary level of control over your supply chain.
Implementing these recommendations will take time, but the investment will be worthwhile. It will improve your overall resilience, and reduce both the number of business disruptions you suffer and the damage they cause.
It will also help you demonstrate compliance with GDPR, the new Data Protection Act. Ultimately, these measures may help you win new contracts, because of the assurance you have sought over the security of your supply chain.
The following sources provide information on managing supply chain security threats and risks:
DCPP is a joint Ministry of Defence (MOD) / industry initiative to improve the protection of the defence supply chain from the cyber threat.
This framework helps the government to manage supplier risk.
Specification for security management systems for the supply chain.