NIST compliance is mandatory for any entity and service provider processing Controlled Unclassified Information (CUI) on behalf of the US Federal Government. Given the substantial risk to national security if this sensitive data is exploited and the high potential of its compromise through supply chain attacks, the range of organizations expected to comply with this cybersecurity regulation is intentionally broad.

Today’s threat landscape is driven by digital transformation and the outsourcing of critical operations to third-party vendors. Cybercriminals’ high demand for sensitive data paired with a historical lack of cybersecurity investment across the industry is cause for concern. Healthcare organizations recognize they have the choice to either increase their cyber spending or inevitably fall victim to a costly data breach. However, investing in cybersecurity solutions alone isn’t enough.

The National Institute of Standards and Technology (NIST) recently updated its guidance to offer support for key practices and approaches involved in successful cyber security supply chain risk management (C-SCRM). In this blog post, we provide an overview of the update and what it means for organisations.

The National Institute of Standards and Technology is an agency within the U.S. Department of Justice. It was founded in 1901 to support science and technological development. For decades, it has provided guidance on computer security. In 2014, in cooperation with public and private sector experts, the NIST released its cybersecurity framework. The framework combines best practices and industry standards to help organizations deal with cybersecurity risks.

Modern goods and services rely on a supply chain ecosystem, which are interconnected networks of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival providers. However, due to the many sources of components and software that often form a final product, supply chains carry inherent cybersecurity risks.

Rubrik was built on a foundation of Zero Trust architecture. The National Institute of Standards and Technology (NIST) is a United States federal agency that works with organizations of all sizes to help them implement cybersecurity best practices.

As financial institutions migrate to modern infrastructure and cloud services, bad actors have extended their skills and capabilities to achieve their missions. This is compounded by the fact that financial and payment vehicles continue to go virtual. Even the slightest breach can result in fines and reputational harm. Many financial institutions are successfully taking a risk-based approach to cybersecurity, according to our recent co-sponsored study with ThoughtLab.