MITRE's System of Trust (SoT)

Supply Chain Security

 

Resources


White Papers

The MITRE Corporation’s Response to the Department of Commerce, Bureau of Industry and Security’s Request for Public Comment: Risks in the Information Communications Technology Supply Chain, Nathan J Edwards, Laura Marie Genova, Steve Granata, Dave Hall, Keith J Hill, Ronald Hodge, Robert A Martin, Michael W Ripley, Thomas D Stickels, Samuel S Visner, MITRE Corporation, November 2021.

Supply Chain Security - It’s Everyone’s Business, Ron Hodge, Robert A. Martin, and Michael Aisenberg, MITRE Corporation, July 2021.

Trusting Our Supply Chains: A Comprehensive Data-Driven Approach, Robert A. Martin, Center for Data-Driven Policy, MITRE Corporation, January 2021.

Deliver Uncompromised: Securing Critical Software Supply Chains, Charles Clancy, Joseph Ferraro, Robert Martin, Adam Pennington, Christopher Sledjeski, Craig Wiener, MITRE Corporation, January 2021.


Articles

Leveraging a Tailorable Holistic Perspective of Supply Chain Risk to Deliver Trustworthy IoT Systems, Robert A. Martin, IIC Journal of Innovation, July 27, 2022.

Defining a System of Trust (SoT) as a Keystone Tool for Supply Chain Security, Robert A. Martin, Yosry Barsoum, J. Brian Hall, Michael A. Aisenberg, Winter 2021, SciTechLawyer, January 11, 2021. ABA membership required.

The Supply Chain Security System of Trust: A Framework for the Concerns Blocking Trust in Supplies, Suppliers, and Services, Robert A. Martin, Cutter Business Technology Journal, June 5, 2020.


Industry Articles

Addressing the Growing Threat of Supply Chain Cyberattacks - HACKERNOON December 21, 2023.

MITRE System of Trust Framework for Supply Chain Security - BITSIGHT May 31, 2023.

The Top 50 Consulting Firms of 2023 - The Consulting Report, May 23, 2023.

5 Top highlights from RSA Conference 2023 - CyberTalk.org May 2, 2023.

The Ultimate Guide to Third-Party Cyber Risk Assessment: Everything You Need to Know / Cyber resiliency, General cyber, Vulnerability Management - psybeRevolution, April 10, 2023.

MITRE System of Trust focuses on identifying, assessing supply chain security risks; delivers assessment techniques - Industrial Cyber March 25, 2023.

MITRE Rolls Out Supply Chain Security Prototype - Dark Reading March 23, 2023.


Presentations

Creating the Standard for Supply Chain Risk, ConversingLabs podcast Season 4, Episode 9, Reversing Labs, June 2023.

Robert Martin on MITRE's System of Trust and its progress video, Tenchi 1:1 Series podcast, Tenchi Security, May 2023.

Creating the Standard for Supply Chain Risk MITRE's System of Trust™ video, Robert A. Martin, MITRE Corporation, RSA Conference 2023, April 25, 2023.

Automating Supply Chain Integrity video, Robert A. Martin, MITRE Corporation, GrammaTech Blog, October 6, 2022.

MITRE’s System of Trust | Supply Chain Assessment Synergy | Consistency and Evidence-Based, Robert A. Martin, MITRE Corporation, MITRE’s Supply Chain Security Hot Topics Summit 2022, August 25, 2022. Video.

MITRE’s Supply Chain Security Hot Topics Summit 2022, MITRE Corporation, August 25, 2022.

Addressing Supply Chain Security Risks: MITRE’s System of Trust video, Robert A. Martin, MITRE Corporation, RSA 2022, June 7, 2022.

Robert Martin of MITRE on Supply Chain System of Trust, ConversingLabs podcast, Reversing Labs, June 2022.

MITRE System of Trust, Bob Martin, Brian Hall, Mike Ripley, Sean Barnum, Paul Garvey, Michael Aisenberg, Ron Hodge, Keith Hill, Justin Yeager, Chuck Lewis, MITRE Corporation, March 2021.

Status of MITRE System of Trust Initiative video, Robert A. Martin, MITRE Corporation, The Open Group & Security Forum, July 2020.


References

MITRE, “Creating a System of Trust: Supply Chain Security”, Presentation to the Open Group, July 2020.

MITRE, “The Supply Chain Security System of Trust: A Framework for the Concerns Blocking Trust in Supplies, Suppliers, and Services”, Cutter Business Technology Journal, November 2020.

MITRE, “Defining a System of Trust (SoT) as a Keystone Tool for Supply Chain Security”, American Bar Association SciTech Lawyer, Volume 17, Number 2, January 2021.

MITRE, “Trusting Our Supply Chains: A Comprehensive Data-Driven Approach”, January 2021.

The Open Group, “An Approach to Assessing Vendors to Lower Potential Risk of Outsourced Network Services”, March 2020.

The Open Group, “Securing the Network and Supply Chain with Industry-Driven Standards”, January 2020.

The Open Group, “Open Trusted Technology Provider Standard (O-TTPS) – Mitigating Maliciously Tainted and Counterfeit Products - Parts 1 and 2 and ISO/IEC 20243-1:2018”, Version 1.1.1, 2018.

American National Standards Institute (ANSI) Homeland Security Standards Panel, “Final Workshop Report - Global Supply Chain Security Standards”, November 2012.

Blue Hexagon Labs, "Novel Long-Line Supply Chain Campaign", August 2019.

Department of Defense (DoD), “DoD Instruction 5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems and Networks”, October 2018.

Department of Defense (DoD), “DoD Instruction 5000.90, Cybersecurity for Acquisition Decision Authorities and Program Managers”, Section 3.4. Cybersecurity in the Supply Chain, December 2020.

Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force, “ICT SCRM Task Force Threat Scenarios Report (Version 3)”, July 2021.

ICT SCRM Task Force, “ICT SCRM Task Force Report on Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists”, April 2021.

ICT SCRM Task Force, “ICT SCRM Task Force Vendor SCRM Template”, April 2021.

Institute of Electrical and Electronics Engineers (IEEE), “Supply Chain Decision Analytics: Application and Case Study for Critical Infrastructure Security”, Proceedings of the 11th International Conference on Cyber Warfare & Security, March 2016.

International Organization for Standardization (ISO), “Specification for security management systems for the supply chain”, ISO 28000:2007, 2007.

Israel National Cybersecurity Directorate, “Supply Chain Risk Management”, September 2021.

National Institute of Standards and Technology (NIST), NIST Interagency/Internal Report (NISTIR) 8272, “Impact Analysis Tool for Interdependent Cyber Supply Chain Risks”, March 2020.

NIST, NISTIR 8276, “Key Practices in Cyber Supply Chain Risk Management: Observations from Industry”, February 2021.

NIST, Special Publication (SP) 800-161, Revision 1, “Supply Chain Risk Management Practices for Federal Information Systems and Organizations”, May 2022.

NIST, SP 800-218, "Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities", February 2022.

NIST, “Recommended Criteria for Cybersecurity Labeling of Consumer Software”, NIST Whitepaper, February 2022.

NIST, “Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products”, NIST Whitepaper, February 2022.

NASA, “NASA’s Information & Communications Technology (ICT) Supply Chain Risk Management (SCRM)”, May 2019.

Telecommunications Industry Association (TIA) Quality Excellence for Suppliers of Telecommunications (QuEST) Forum, “TIA QuEST Forum SCS 9001® Supply Chain Security Management System Handbook”, SCS 9001:2021.

