Charter
of Trust
main
cot

Responsibility throughout the digital supply chain
Companies – and if necessary – governments must establish risk-based rules that ensure adequate protection across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity, and availability by setting baseline standards, such as
– Identity and access management: Connected devices must have secure identities and safeguarding measures that only allow authorized users and devices to use them.
– Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes, wherever appropriate.
– Continuous protection: Companies must offer updates, upgrades, and patches throughout a reasonable life cycle for their products, systems, and services via a secure update mechanism.

Based on this statement, the CoT members developed a common risk-based approach aligned with international norms to help improve cybersecurity and provide visibility through the supply chain. Three elements form this risk-based approach:
– Baseline requirements are common for all digital suppliers and define the fundamentals that a supplier must address in order to ensure the cybersecurity foundations for their product/service
– Supplier criticality Digital suppliers have different criticalities depending on risk factors, which are also dependent on the context viewed by the purchaser
– Verification Verification to the baseline requirements is dependent on the criticality of the supplier

The purpose of this document is to describe such a risk-based approach and its impact on the digital supply chain with a focus on the various stakeholders throughout the digital supply chain.

Download
CoT-P2-common risk based approach
icon PUBLICATIONS SUPPLY CHAIN SECURITY
left
PREVIOUS POST
Principle Use Cases – Atos
NEXT POST
Harmonising Regulation - a CoT perspective
next

You may also like

Harmonising Regulation - a CoT perspective
icon External Engagement

Harmonising Regulation - a CoT perspective

In response to rising cyber threats, governments are enacting new cybersecurity laws and regulations, with some, like the United States (US), moving from voluntary public-private partnerships to more stringent regulatory approaches, while others, like the European Union (EU), are updating existing regulations (e.g. the Network and Information Security (NIS) Directive 2, or NIS 2) and creating new ones (e.g., Cyber Resilience Act, CRA). These efforts often set precedents for other nations, but the lack of international coordination in cybersecurity regulation remains a challenge. This fragmentation, coupled with shortages of cybersecurity talent, risks diverting resources from essential cyber defense to compliance, potentially increasing costs, complexity, and undermining resilience and innovation. Some solutions include reciprocity agreements, adopting international standards, and leveraging third-party assessments to streamline regulations and improve global alignment.

To read the full publication, see the download link below.
Read more
October 15, 2024
Charter of Trust Cybersecurity Policy Manifesto
icon External Engagement

Charter of Trust Cybersecurity Policy Manifesto

The Charter of Trust presents this Manifesto as a call to action for Policymakers to join forces in the pursuit of a secure and resilient digital environment. As a collective of leading technology, cybersecurity, and industry stakeholders, we believe that a united and collaborative approach is essential for effectively combating cyber threats that endanger the security, privacy, and prosperity of our societies.
Our vision is to establish a strong, secure, and resilient digital Europe that fosters innovation, economic growth, and social progress while protecting individual rights and safeguarding the values of a democratic society.
Read more
April 12, 2024
Charter of Trust report: Guideline on Cybersecurity Risk Assessment
icon Security by Default

Charter of Trust report: Guideline on Cybersecurity Risk Assessment

This document highlights the significance of caution and due diligence in relation to cyber risks when processes and value chains are supported by digital technology to improve efficiency. As digitalization progresses, such risks exist in products which are combined to systems and networks in the IT but also in the OT world. The intent of this document is to offers practical guidance to risk management based on the experience and expertise of the members of the Charter of Trust P3 Task Force.
Read more
February 15, 2024

Get in touch with us

Sign up for our newsletter to stay informed with the latest updates, in-depth reports, and expert insights on cybersecurity.
More about our newsletter More about our newsletter
First and Last Name*
Email*
More about our newsletter More about our newsletter
For a secure digital world.
Get in Touch
Contact us here
contact@charteroftrust.info
Follow us
linkedin linkedin

Website by bg

charteroftrust.com Website © 2024