Exposing the Gaps: The State of Supply Chain Coverage in Current Security Standards
摘要
Nowadays, various standards are being used to assess and even certify the security and resilience of companies all around the world. However, as most of them focus on IT and OT-related aspects, supply chain security is often forgotten or not given enough attention. This paper aims to address this limitation by using systematic mappings between four security standards, namely the ISO/IEC 27000 family, the NIST Cyber Security Framework (NIST CSF), the NIST SP 800-53 and NIST SP 800-82 standard, and the NIST SP 800-161 standard, which is dedicated to supply chain security, to determine the current state of supply chain security coverage. The results indicate that no standard covers even 50% of the baseline security aspects.