NRF’s “Guide to Developing a Retail Supply Chain Cybersecurity Risk Management Plan,” developed in collaboration with The Chertoff Group, identifies supply chain-related cybersecurity risks and offers a framework and practices that can enable retailers to proactively address cybersecurity risks with partners. This model supply chain cybersecurity risk management framework includes:
- A risk categorization of in-scope suppliers
- Cybersecurity due diligence of these suppliers
- Contractual requirements based on regulations and risk
- Access controls where relevant
- Ongoing monitoring elements