Store Home | Store Login | Store Help | Sign In |
  •  Shopping Cart  (0) 
      Your Shopping Cart is empty.
      If you already have an account, Sign In
      If you are new to IHS, Create New Account
Document Number: Title / Keyword: Limit Search To:
SEARCH STANDARDS:
NAS9924 (Complete Document)
Revision / Edition: 13    Chg: NEW    Date: 01/31/13   Abbreviations Definitions
Historical View current edition
CYBER SECURITY BASELINE
Published By:Aerospace Industries Association (AIA/NAS)
Page Count:8
Secure PDF
$59.00 USD
  In Stock
Print :
$59.00 USD
  In Stock
Product Family
Current Edition
Referenced Items
There are no items in this referenced list
People Also Bought These
ASTM E1417/E1417M
ASME Y14.5
AWS D17.1/D17.1M
NAS1613
NAS410
More...
Related Products
There are no related products.
IHS Standards Expert
Description / Abstract Back to Top
INTRODUCTION

Supply chain companies are important to the aerospace and defense industrial base. Suppliers may have unique capabilities that are vital to aerospace and defense programs.

Aerospace and defense companies have been dealing with the threat of cyber intrusion for the past several years. As companies have increased the security of their IT network defenses, the attackers are now being driven to softer targets where they may find some of the same type of data that they previously had sought from these companies. The adversary is also using the collaborative relationships between the aerospace and defense companies and their suppliers as a "back door" as the defenses get better. Companies further down the supply chain may not have had the opportunity or expertise necessary to fully prepare to defend their systems from these attackers, but the result of the increased defenses in the major suppliers is that the attacker may target their suppliers based on their vulnerabilities. This document was designed to be a supplier baseline so that suppliers know what kind of security they need to have if they want to do business with aerospace and defense companies.

Who should use this document?

This standard practice is written to be used by the aerospace and defense supply chain. It provides basic information that a supplier can use to:

• assess themselves on their information technology security practices;

• determine their preparedness for cyber threat risk management for their customer; and

• assess the risks presented by their own suppliers.

Through the process of self-assessment suppliers can determine where their strengths and weaknesses exist.

This document should be used by any supplier that is interested in protecting their data from disruption or exfiltration. There are three distinct tiers of supplier that could benefit from this standard practice. These tiers are defined as:

Tier1: Suppliers that operate without a dedicated Information Technology professional on staff nor do they have a dedicated Information Technology Security professional. (Questions 1-5)

Tier 2: Suppliers with a dedicated Information Technology professional on staff, but have no dedicated Information Technology Security professional. (Questions 1-17)

Tier 3: Suppliers that have both dedicated Information Technology professionals and dedicated Information Technology Security professionals on staff. (Questions 1-72)
Additional Supplemental Documents