Work item: X.rm-sup
Subject/title: Risk management on the security of software supply-chain for telecommunication organizations
Status: Under study [Issued from previous study period]
Approval process: TAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2026-09 (Medium priority)
Liaison: ISO/IEC JTC 1/SC 27 WG4 & WG5
Supporting members: China, China Mobile
Summary:
In recent years, security incidents involving the software supply-chain have become more common and more complex, as have cyber attacks against the software supply-chain. Telecommunication organizations face serious security challenges from increasingly complex and specific software supply-chain security risks. Several key factors need to be fully taken into consideration when managing these risks, for example: enormous and numerous software systems containing diversified subsystems/components; strict quality requirements for the robustness and stability of multiple telecommunication networks and services; and services that support or relate to the software supply-chain but lie outside the boundary of telecommunication organizations.
Therefore, telecommunication organizations would be more vulnerable to the security risks of the software supply-chain and should consider taking more concrete and specific measures to face these security challenges. This Recommendation would identify the specific and common software supply-chain security risks faced by telecommunication organizations and recommend requirements for security risk management using the methodology recommended in ISO 27005 and ITU-T X.1055.
Comment: incubation queue
Reference(s):
Historic references:
Contact(s):
ITU-T A.5 justification(s):
First registration in the WP: 2023-09-20 23:26:58
Last update: 2024-09-13 10:16:12