This page lists publications on cyber supply chain risk management.
Choosing secure and verifiable technologies: Executive guidance
This guide supports senior leaders to enable their organisations to understand their threat environment and make better-informed assessments and decisions to procure secure technologies.
Choosing secure and verifiable technologies
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and international partners have provided recommendations in this guide as a roadmap for choosing secure and verifiable technologies.
Cyber supply chain risk management
All organisations should consider cyber supply chain risk management. If a supplier, manufacturer, distributor or retailer (i.e. businesses that constitute a cyber supply chain) are involved in products or services used by an organisation, there will be a cyber supply chain risk originating from those businesses. Likewise, an organisation will transfer any cyber supply chain risk they hold to their customers.
How to manage your security when engaging a Managed Service Provider
Understand the actions organisations can take to manage the security risks posed by engaging and authorising network access for managed service providers.
Identifying cyber supply chain risks
This guidance has been developed to assist organisations in identifying risks associated with their use of suppliers, manufacturers, distributors and retailers (i.e. businesses that constitute their cyber supply chain).
Questions to ask managed service providers
Asking the right questions to managed service providers can help organisations better understand the cybersecurity of their systems and the services they provide.