Cyber Supply Chain Guidance | Cyber.gov.au

Individuals & families Small & medium businesses Large organisations & infrastructure Government

This page lists the ACSC’s publications on securing the trading relationships that are required to deliver products and services.

Cyber Supply Chain Risk Management

All organisations should consider cyber supply chain risk management. If a supplier, manufacturer, distributor or retailer (i.e. businesses that constitute a cyber supply chain) are involved in products or services used by an organisation, there will be a cyber supply chain risk originating from those businesses. Likewise, an organisation will transfer any cyber supply chain risk they hold to their customers.

Identifying Cyber Supply Chain Risks

This guidance has been developed to assist organisations in identifying risks associated with their use of suppliers, manufacturers, distributors and retailers (i.e. businesses that constitute their cyber supply chain).

How to Manage Your Security When Engaging a Managed Service Provider

The compromise of several Managed Service Providers’ (MSPs) was reported in 2017. In response, the Australian Cyber Security Centre (ACSC) provided organisations with the information they needed to protect themselves and others from this threat.

Questions to ask Managed Service Providers

This document provides simple yet practical questions to ask managed service providers regarding the cyber security of their systems and the services they provide.