NRF’s “Guide to Developing a Retail Supply Chain Cybersecurity Risk Management Plan,” developed in collaboration with The Chertoff Group, identifies supply chain-related cybersecurity risks and offers a framework and practices that can enable retailers to proactively address cybersecurity risks with partners. This model supply chain cybersecurity risk management framework includes:
A risk categorization of in-scope suppliers
Cybersecurity due diligence of these suppliers
Contractual requirements based on regulations and risk
Access controls where relevant
Ongoing monitoring elements