INTRODUCTION
Supply chain companies are important to the aerospace and defense industrial base. Suppliers may have unique capabilities that are vital to aerospace and defense programs.
Aerospace and defense companies have been dealing with the threat of cyber intrusion for the past several years. As companies have increased the security of their IT network defenses, the attackers are now being driven to softer targets where they may find some of the same type of data that they previously had sought from these companies. The adversary is also using the collaborative relationships between the aerospace and defense companies and their suppliers as a “back door” as the defenses get better. Companies further down the supply chain may not have had the opportunity or expertise necessary to fully prepare to defend their systems from these attackers, but the result of the increased defenses in the major suppliers is that the attacker may target their suppliers based on their vulnerabilities. This document was designed to be a supplier baseline so that suppliers know what kind of security they need to have if they want to do business with aerospace and defense companies.
Who should use this document?
This standard practice is written to be used by the aerospace and defense supply chain. It provides basic information that a supplier can use to:
• assess themselves on their information technology security practices;
• determine their preparedness for cyber threat risk management for their customer; and
• assess the risks presented by their own suppliers.
Through the process of self-assessment, suppliers can determine where their strengths and weaknesses exist.
This document should be used by any supplier that is interested in protecting their data from disruption or exfiltration. There are three distinct tiers of supplier that could benefit from this standard practice. These tiers are defined as:
Tier 1: Suppliers that operate without a dedicated Information Technology professional on staff and without a dedicated Information Technology Security professional. (Questions 1-5)
Tier 2: Suppliers with a dedicated Information Technology professional on staff, but no dedicated Information Technology Security professional. (Questions 1-17)
Tier 3: Suppliers that have both dedicated Information Technology professionals and dedicated Information Technology Security professionals on staff. (Questions 1-72)
- Edition: 13
- Published: 01/31/2013
- Number of Pages: 8
- File Size: 1 file, 98 KB