Proceedings Paper

Integrating Zero Trust in the cyber supply chain security

Publisher

IEEE
DOI: 10.1109/WCNPS53648.2021.9626299

Keywords

Zero Trust; Cyber Supply Chain; Software Bill of Materials; SBOM; DevSecOps; Gap analysis

Funding

  1. Institutional Security Office of the Presidency of Brazil (GSI/PR)
  2. Brazilian Intelligence System (SisBIn)
  3. Brazilian Supreme Electoral Court (TSE)
  4. RedeGigaCandanga

The use of a Zero Trust architecture in a cyber supply chain can enhance security by revising trust in all relationships and assuming the presence of internal threats. This study contributes to the improvement of cyber supply chain security by proposing an organization of security controls, providing a control checklist, and suggesting ways to visualize the results.

The cyber supply chain has been a target of sophisticated attacks. Vulnerabilities in components that were once considered secure because of perceived trust relationships are being exploited. One way to reduce this type of cyber risk is to use a Zero Trust architecture. This approach revises trust in all relationships: it disregards implicit trust in any component and is based on the premise that internal threats exist in the corporate network. The present work proposes to integrate a Zero Trust architecture in a cyber supply chain. The main contribution of this study is to propose an organization of the security controls for a cyber supply chain into domains, enabling improvements in the security of the cyber supply chain by applying the principles of a Zero Trust architecture. The study also provides a checklist of controls that allows a gap analysis and suggests some ways of visualizing the result.
