Request for review: Governance of security supply chain Draft Report (Block 14)

Working Group(s) Cyber Security
1

@Tomofumi_Okubo @Mitchell @JBringer

Hello Cybersecurity WG Chairs and Experts,

Following our sessions at BGIN Block 14 in Tokyo, we have prepared the draft session report for: Governance of security supply chain.

Review Request: Please review the attached draft for technical accuracy and provide any feedback, corrections, or additions directly in this thread by March 27.

Security_Governance_of_security_supply_chain.docx (52.0 KB)

Thank you for your contributions to these governance standards.

Best regards,

Rola

2

Anonymization issue (Sandra’s organization… several times)

Remove '“The group will break for lunch and reconvene in one hour.

After the break, there will be a presentation from GFSA followed by a session on key management.

Fixes:
3GPP to be replaced by GBBC ; NORS (?) may be related to SEAL? ; BSSC is BlockchainSecurity Standards Council (BSSC)

Few additional key take-aways:

  • education of the supply chain actors is needed to ensure appropriate processes are in place at vendor’s side too; best practices
  • 3rd party risk management is required in addition to the mapping with existing controls
  • a comprehensive check-list would be useful to underwrite cryptoindustries
  • common hacks vs gaps would be a way to further illustrate the importance of the controls (JFSA report when available, JP Crypto ISAC study)