A recent article by Jason Miller, Executive Editor for Federal News Radio, reports that the Department of Defense (DoD) has recently issued a new policy to protect military information that resides on, or moves between, unclassified networks run by contractors and the government.
We believe that this new policy may be a good benchmark for our readers to use in writing their own organization’s information security policies for vendors and contractors in their supply chain(s).
As part of this new policy’s requirements, the DoD and the Defense Industrial Base (DIB) are to create an information sharing environment for threat information, develop best practices, create a standard for reporting of and responding to cyber attacks or threats, and develop an approach for vendors to do self-assessments of the security of their networks.
It may be too early to see all of the potential applications of this new policy to your own organization’s efforts in this area. However, it certainly is a good grounding in some of the basic concerns and challenges that organizations face in managing information security risks in their own supply chains.
Click here to read Jason Miller’s article on this topic.
Click here to read the recently released DoD policy directive.