
Presents
MITRE’s System of Trust: Supply Chain Assessment Synergy Consistency and Evidence-Based
Supply Chain Risk Management Working Group
January 25, 2023, 1:00-2:00 PM ET
The trustworthiness of supply chains is at the center of many of today’s global security challenges. This presentation explores the details of System of Trust (SoT), a community effort to develop and validate a process for integrating evidence of the organizational, technical, and transactional trustworthiness of supply chain elements for decision makers dealing with supply chain security. This framework defines, aligns, and addresses the specific concerns and risks that stand in the way of organizations’ trusting suppliers, supplies, and service offerings. Importantly, the framework offers a comprehensive, consistent, and repeatable methodology that is based on decades of supply chain security experience, deep insights into the complex challenges facing the procurement and operations communities, and broad knowledge of the relevant standards and best practices. By creating and curating a community-enabled structured corpus of risks about trusting organizations, products, components, and service offerings that can be adopted, taught, and utilized by any organization involved in a supply chain, SoT offers a framework for focusing concise and rapid attention onto those risks most relevant and actionable to the parties involved in exchanging goods and services. This is comparable to how MITRE’s ATT&CK framework enables discourse and synergies in the cyber risk domain.

Robert A. Martin
Senior Principal Engineer
Robert A. Martin, a Senior Principal Engineer at the MITRE Corporation, has dedicated his career to solving some of the world’s most difficult problems in systems and software engineering. His work focuses on the interplay of risk management, cyber security, and quality assessment and assurance. For 24 years, Robert has applied his expertise to international cybersecurity initiatives such as CVE, CAPEC, and CWE, which host large active vendor and research communities, and is now working on standardizing the Software Bill of Materials (SBoM), the software supply chain assurance activities, and the supply chain security System of Trust™.

Zoom for Government enables ATARC remote collaboration opportunities through its cloud platform for video and audio conferencing, chats and webinars across all devices, allowing individuals from all areas of government, industry and academia to communicate directly.