NEMA CPSP 1 : 2015
Superseded
A superseded Standard is one that has been fully replaced by another Standard, which is a new edition of the same Standard.
SUPPLY CHAIN BEST PRACTICES
18-05-2021
12-08-2015
EXECUTIVE SUMMARY
ACKNOWLEDGEMENTS
INTRODUCTION
DOCUMENT SCOPE
DEFINITIONS
RISK TOLERANCE
SUPPLY CHAIN COMMUNICATION
BEST PRACTICES
MANUFACTURING AND ASSEMBLY
Identification of Threats
Analysis and Recommendations
TAMPER-PROOFING
Identification of Threats
Analysis and Recommendations
SECURITY DEVELOPMENT LIFE CYCLE
Identification of Threats
Analysis and Recommendations
DECOMMISSIONING/REVOCATION
Identification of Threats
Analysis and Recommendations
Appendix A - REFERENCE DOCUMENTS
Appendix B - REFERENCE ARCHITECTURES
Describes United States supply chain integrity through four phases of the product life cycle: manufacturing and assembly, tamper-proofing, security development life cycle, and decommissioning/revocation.
DocumentType | Standard |
PublisherName | National Electrical Manufacturers Association |
Status | Superseded |
SupersededBy |
IEC TR 80002-1:2009 | Medical device software - Part 1: Guidance on the application of ISO 14971 to medical device software |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ISO/IEC 29147:2014 | Information technology — Security techniques — Vulnerability disclosure |
IEC TS 62443-1-1:2009 | Industrial communication networks - Network and system security - Part 1-1: Terminology, concepts and models |
IEC TS 62351-3:2007 | Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP |
IEC TS 62351-6:2007 | Power systems management and associated information exchange - Data and communications security - Part 6: Security for IEC 61850 |
IEC TS 62351-4:2007 | Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS |
ISO 31000:2009 | Risk management — Principles and guidelines |
ISO/IEC 27033-1:2015 | Information technology — Security techniques — Network security — Part 1: Overview and concepts |
ISO/IEC 27002:2013 | Information technology — Security techniques — Code of practice for information security controls |
ISO/IEC 27033-5:2013 | Information technology — Security techniques — Network security — Part 5: Securing communications across networks using Virtual Private Networks (VPNs) |
IEC TS 62351-5:2013 | Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives |
IEEE 1619-2007 | IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices |
ISO/IEC 27036-3:2013 | Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security |
IEC TS 62351-7:2010 | Power systems management and associated information exchange - Data and communications security - Part 7: Network and system management (NSM) data object models |
ISO/IEC 27033-4:2014 | Information technology — Security techniques — Network security — Part 4: Securing communications between networks using security gateways |
ISO/IEC 27036-1:2014 | Information technology — Security techniques — Information security for supplier relationships — Part 1: Overview and concepts |
IEC TS 62351-1:2007 | Power systems management and associated information exchange - Data and communications security - Part 1: Communication network and system security - Introduction to security issues |
ISO/IEC 27036-2:2014 | Information technology — Security techniques — Information security for supplier relationships — Part 2: Requirements |
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
ISO/IEC 27033-3:2010 | Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues |
ISO/IEC 27033-2:2012 | Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security |
ISO/IEC 30111:2013 | Information technology — Security techniques — Vulnerability handling processes |
ISO 27799:2016 | Health informatics — Information security management in health using ISO/IEC 27002 |