MITRE's System of Trust (SoT)

Supply Chain Security

 

Resources


White Papers

The MITRE Corporation’s Response to the Department of Commerce, Bureau of Industry and Security’s Request for Public Comment: Risks in the Information Communications Technology Supply Chain, Nathan J Edwards, Laura Marie Genova, Steve Granata, Dave Hall, Keith J Hill, Ronald Hodge, Robert A Martin, Michael W Ripley, Thomas D Stickels, Samuel S Visner, MITRE Corporation, November 2021.

Supply Chain Security - It’s Everyone’s Business, Ron Hodge, Robert A. Martin, and Michael Aisenberg, MITRE Corporation, July 2021.

Trusting Our Supply Chains: A Comprehensive Data-Driven Approach, Robert A. Martin, Center for Data-Driven Policy, MITRE Corporation, January 2021.

Deliver Uncompromised: Securing Critical Software Supply Chains, Charles Clancy, Joseph Ferraro, Robert Martin, Adam Pennington, Christopher Sledjeski, Craig Wiener, MITRE Corporation, January 2021.


Articles

The Supply Chain Security System of Trust: A Framework for the Concerns Blocking Trust in Supplies, Suppliers, and Services, Robert A. Martin, Cutter Business Technology Journal, November 2020. Free to read but registration required.


Presentations

MITRE System of Trust, Bob Martin, Brian Hall, Mike Ripley, Sean Barnum, Paul Garvey, Michael Aisenberg, Ron Hodge, Keith Hill, Justin Yeager, Chuck Lewis, MITRE Corporation, March 2021.

MITRE’s System of Trust | Supply Chain Assessment Synergy | Consistency and Evidence-Based, Robert A. Martin, MITRE Corporation, MITRE’s Hot Topics in Supply Chain Security Summit 2022, August 25, 2022. Video.

MITRE’s Hot Topics in Supply Chain Security Summit 2022, MITRE Corporation, August 25, 2022.


References

MITRE, “Creating a System of Trust: Supply Chain Security”, Presentation to the Open Group, July 2020.

MITRE, “The Supply Chain Security System of Trust: A Framework for the Concerns Blocking Trust in Supplies, Suppliers, and Services”, Cutter Business Technology Journal, November 2020.

MITRE, “Defining a System of Trust (SoT) as a Keystone Tool for Supply Chain Security”, American Bar Association SciTech Lawyer, Volume 17, Number 2, January 2021.

MITRE, “Trusting Our Supply Chains: A Comprehensive Data-Driven Approach”, January 2021.

The Open Group, “An Approach to Assessing Vendors to Lower Potential Risk of Outsourced Network Services”, March 2020.

The Open Group, “Securing the Network and Supply Chain with Industry-Driven Standards”, January 2020.

The Open Group, “Open Trusted Technology Provider Standard (O-TTPS) – Mitigating Maliciously Tainted and Counterfeit Products - Parts 1 and 2 and ISO/IEC 20243-1:2018”, Version 1.1.1, 2018.

American National Standards Institute (ANSI) Homeland Security Standards Panel, “Final Workshop Report - Global Supply Chain Security Standards”, November 2012.

Blue Hexagon Labs, “Novel Long-Line Supply Chain Campaign”, August 2019.

Department of Defense (DoD), “DoD Instruction 5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems and Networks”, October 2018.

Department of Defense (DoD), “DoD Instruction 5000.90, Cybersecurity for Acquisition Decision Authorities and Program Managers”, Section 3.4. Cybersecurity in the Supply Chain, December 2020.

Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force, “ICT SCRM Task Force Threat Scenarios Report (Version 3)”, July 2021.

ICT SCRM Task Force, “ICT SCRM Task Force Report on Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists”, April 2021.

ICT SCRM Task Force, “ICT SCRM Task Force Vendor SCRM Template”, April 2021.

Institute of Electrical and Electronics Engineers (IEEE), “Supply Chain Decision Analytics: Application and Case Study for Critical Infrastructure Security”, Proceedings of the 11th International Conference on Cyber Warfare & Security, March 2016.

International Organization for Standardization (ISO), “Specification for security management systems for the supply chain”, ISO 28000:2007, 2007.

Israel National Cybersecurity Directorate, “Supply Chain Risk Management”, September 2021.

National Institute of Standards and Technology (NIST), NIST Interagency/Internal Report (NISTIR) 8272, “Impact Analysis Tool for Interdependent Cyber Supply Chain Risks”, March 2020.

NIST, NISTIR 8276, “Key Practices in Cyber Supply Chain Risk Management: Observations from Industry”, February 2021.

NIST, Special Publication (SP) 800-161, Revision 1, “Supply Chain Risk Management Practices for Federal Information Systems and Organizations”, May 2022.

NIST, SP 800-218, “Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities”, February 2022.

NIST, “Recommended Criteria for Cybersecurity Labeling of Consumer Software”, NIST Whitepaper, February 2022.

NIST, “Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products”, NIST Whitepaper, February 2022.

NASA, “NASA’s Information & Communications Technology (ICT) Supply Chain Risk Management (SCRM)”, May 2019.

Telecommunications Industry Association (TIA) Quality Excellence for Suppliers of Telecommunications (QuEST) Forum, “TIA QuEST Forum SCS 9001® Supply Chain Security Management System Handbook”, SCS 9001:2021.

