Beta testing the cyber supply chain survey tool
Trinh, Hung (Fed)
Dear SSCA Forum members,
We seek your assistance in beta testing the cyber supply chain survey tool, developed as a research and educational resource to assess an organization’s supply chain risk posture. The cyber supply chain survey tool is cloud-based with a web interface for participants to enter the survey data anonymously and securely. The survey questions ask for information on a broad range of organization and cyber supply chain-related practices. The questionnaire, grouped into the Cybersecurity Framework 1.1 (CSF) functions, was developed through years of research, surveys, and interviews with broad industries. The answers to the questions are primarily simple yes/no or Likert scale selection. The survey results provide a view into the organization's risk profile based on the extent of its adoption of the practices referenced in the CSF and identify additional NIST resources to support the implementation of any potential gap areas and better manage any residual risk.
The survey questionnaire requires input from multiple departments and teams at different levels of the organization. Since the workflow is designed for a single-person entry, we highly recommend that the responses to the survey questionnaire be collected as part of preparation before data entry into the survey. The complete questionnaire is available in the User Guide or can be printed from the survey tool webpage. To access the cyber supply chain survey tool and user guide, please follow this URL:
https://csrc.nist.gov/Projects/cybersecurity-risk-analytics/cscs-tool.
Your input and insights will be valuable in improving the application and planning future iterations. We would like your thoughts on the workflow, navigation, the length of time needed to gather the information for the survey, and the improvements to the questionnaires. We would appreciate it if you could provide us with your feedback and suggestions to enhance the application by July 9th. The link to the feedback form is available from the URL above or can be directly downloaded here.
Please send your feedback and questions to cyberrisk...@nist.gov.
If you missed the demo at the Spring 2024 SSCA Forum and are interested in a demo, please let us know what times work best for a walkthrough of the tool. Thank you for your assistance.
Regards,
Hung Trinh
Security Engineering and Risk Management
National Institute of Standards and Technology