Documents Analyze How SCS 9001 Operationalizes Goals of U.S. Executive Order 14028 and U.K. NCSC’s 10 Steps to Cybersecurity
Arlington, VA (April 28, 2022) – The Telecommunications Industry Association—the trusted industry association for the connected world—has released the first two of a series of Technical Bulletins that examine how the recently released SCS 9001 supply chain security standard offers a comprehensive, auditable and verifiable solution to help meet the goals of international government initiatives aimed at improving global cyber security. The new documents come after TIA submitted comments this week to the National Institute of Standards and Technology (NIST) request for information on updating the Cybersecurity Framework and Cybersecurity Supply Chain Risk Management.
The purpose of the new Technical Bulletins is to show how the recently released SCS 9001 Supply Chain Security Standard can be a global resource to help both governments and businesses improve the information communications technology (ICT) industry’s supply chain security. TIA analyzed the key requirements of recent government-led initiatives and provided details on how the SCS 9001 standard certification would help meet the key goals for each initiative.
“This is a critical time for our industry as governments worldwide are leaning toward a more prescriptive approach to deal with the threat landscape that surrounds our global networking technology supply chains,” said TIA CEO, David Stehlin. “Using TIA QuEST Forum’s proven methodology for continuous improvement, through certified verification and benchmarking results, industry and governments can work together to improve the security of ICT products and services. SCS 9001 brings value to networks and critical ICT infrastructure of all types while also demonstrating to governments that industry can operationalize their guidelines.”
These first Technical Bulletins from TIA focus on how SCS 9001 enables the desired results of two recent government-led initiatives: U.S. Executive Order 14028 and the United Kingdom’s National Cyber Security Centre’s Ten Steps to Cyber Security. Additional Technical Bulletins are coming soon, including analyses on how the new standard would have performed against supply chain-based breaches like the “Log4shell” attack via Apache Log4j and the “Sunburst” attack on SolarWinds.
“Security must be built in rather than bolted on and must be an integral part of the product and system design process,” said Mike Regan, vice president of business performance at TIA. “By adding definition and clarity to the requirements needed to attain supply chain security, we are now able to measure performance and verify achievement against a comprehensive set of controls that will help mitigate the complex supply chain breaches and attacks that continue to plague organizations and concern governments.”
To download the bulletins, CLICK HERE
To learn more about SCS 9001, CLICK HERE
Dan Brown, (703) 907-7074, firstname.lastname@example.org
The Telecommunications Industry Association (TIA) represents more than 400 global companies that enable high-speed communications networks and accelerate next-generation ICT innovation. Through leadership in U.S. and international advocacy, technology programs, standards development, and business performance solutions, TIA and its members are accelerating global connectivity across every industry and market. TIA is accredited by the American National Standards Institute (ANSI).