In today’s competitive business environment, transactional and proprietary information is increasingly shared by trading partners throughout the global supply chain. It is impossible to be part of a connected supply chain, with automated systems, workers and customers, and not be at risk of a cyber security threat. Recognizing that data is the new currency, and “more effective command and control has become an enterprise risk management priority,” the Automotive Industry Action Group (AIAG) worked with information security leaders and executives from GM, Ford, FCA and Honda to develop the Cyber Security 3rd Party Information Security guidelines.
The guidelines provide minimum security requirements in order to “provide a common secure exchange of information between an OEM and their Third Parties.” Based on industry best practices and standards such as the ISO 27002 global standard and the NIST 800-53 and NIST 800-171 standards, the new automotive supply chain guidelines combine “lessons learned” in providing for a secure exchange of information for supplier partners who collect, process, manage, access or store OEM data outside of the OEM's computing environment.
By implementing these guidelines, suppliers – particularly those working with multiple OEMs – will be able to focus on complying with a single, cohesive set of cybersecurity expectations, instead of having to meet different (and potentially conflicting) guidelines. OEMs, in turn, will benefit from knowing that their supplier partners are helping protect confidential and sensitive data.
So, now what? As with ISO and IATF 16949:2016 industry standards, UT CIS has a team of experts across the state ready to help you identify challenges, develop plans, and ensure your company is ready to comply with industry standards. To learn more about the new guidelines and what, if anything, they mean for your business, contact Misty DePriest, TMEP Resource Manager, at misty.depriest@tennessee.edu or your local Solutions Consultant.