The CIS Components, Supply Chain Trustworthy Analysis and Third-Party Risk Service provides assessment of CIS components and their trustworthiness, as well as analysis of vendor risk.
This service provides analysis and evaluation of the reliability of CIS components and the trust that can be placed in them. It also supports, leads, or coordinates Security Risk Assessment Working Groups for Customer programmes or projects.
CIS Component Cyber Security: Analyse and evaluate the extent to which one can rely on a CIS component, be it hardware, software, or both, to function as intended. The assessment can be made through either a set of assurance techniques or less rigorous means.
Supply Chain Cyber Security: Plan for, collect information about, assess, and handle the level of trust that can be placed in the components of a CIS based on the supply of sub-components, manufacturing, and logistics.
Coordination in Security Risk Assessment Working Groups: Support, lead, or coordinate Security Risk Assessment Working Groups for Customer programmes or projects. This includes leading or coordinating the meetings and ex-committee work, providing advice on the security risk assessment and risk management process, and supporting the conduct of SRA by Hardsecure. This service entails the review and approval (in coordination with Customer Security Audit Authorities) of the specification of risk assessment/management tools used for Customer CIS (e.g. Customer profile for EAR/PILAR), and the development and maintenance of generic security risk assessment for Customer CIS scenarios.
Security Test and Verification (ST&V): Pre-Production Security Testing and Consultancy services conducted in support of Change Management and accreditation processes. For projects, this includes documentation review, vulnerability assessment and penetration testing.
Third-party Risk Assessment: Support the analysis of vendor risk posed by an organization's third-party relationships along the entire supply chain, including vendors, service providers, and suppliers. Risks to be considered include security risk, business continuity risk, privacy risk, and reputational risk.