2 . MITRE , “ Defining a System of Trust ( SoT ) as a Keystone Tool for Supply Chain Security ”, American
Bar Association SciTech Lawyer , Volume 17 , Number 2 , January 2021 . 3 . MITRE , “ Trusting Our Supply Chains : A Comprehensive Data-Driven Approach ”, January 2021 . 4 . The Open Group , “ An Approach to Assessing Vendors to Lower Potential Risk of Outsourced
Network Services ”, Mar 2020 . 5 . The Open Group , “ Open Trusted Technology Provider Standard ( O-TTPS ) – Mitigating Maliciously
Tainted and Counterfeit Products - Parts 1 and 2 and ISO / IEC 20243-1:2018 ”, Version 1.1.1 , 2018 . 6 . Department of Defense ( DoD ), “ DoD Instruction 5200.44 , Protection of Mission Critical Functions to
Achieve Trusted Systems and Networks ”, October 2018 . 7 . Department of Defense ( DoD ), “ DoD Instruction 5000.90 , Cybersecurity for Acquisition Decision
Authorities and Program Managers ”, Section 3.4 . Cybersecurity in the Supply Chain , December 2020 . 8 . Information and Communications Technology ( ICT ) Supply Chain Risk Management ( SCRM ) Task
Force , “ ICT SCRM Task Force Threat Scenarios Report ( Version 3 )”, July 2021 . 9 . ICT SCRM Task Force , “ ICT SCRM Task Force Vendor SCRM Template ”, April 2021 . 10 . Israel National Cybersecurity Directorate , “ Supply Chain Risk Management ”, September 2021 . 11 . NIST , NISTIR 8276 , “ Key Practices in Cyber Supply Chain Risk Management : Observations from
Industry ”, February 2021 . 12 . NIST , Special Publication ( SP ) 800-161 , Revision 1 , “ Supply Chain Risk Management Practices for
Federal Information Systems and Organizations ”, May 2022 . 13 . NIST , SP 800-218 , " Secure Software Development Framework ( SSDF ) Version 1.1 : Recommendations for Mitigating the Risk of Software Vulnerabilities ", February 2022 . 14 . NIST , “ Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things ( IoT )
Products ”, NIST Whitepaper , February 2022 . 15 . NASA , “ NASA ’ s Information & Communications Technology ( ICT ) Supply Chain Risk Management
( SCRM )”, May 2019 .
16 . Telecommunications Industry Association ( TIA ) Quality Excellence for Suppliers of Telecommunications ( QuEST ) Forum , “ TIA QuEST Forum SCS 9001 ® Supply Chain Security Management System Handbook ”, SCS 9001:2021 .
17 . IIC , “ Trustworthiness Framework Foundations ”, July 2021 .
The views expressed in the IIC Journal of Innovation are the author ’ s views and do not necessarily represent the views of their respective employers nor those of the Industry IoT Consortium ®.
© 2022 The Industry IoT Consortium ® logo is a registered trademark of Object Management Group ®. Other logos , products and company names referenced in this publication are property of their respective companies .
‣ Return to the beginning of this article
‣ Return to the Table of Contents
58 July 2022