Highlights

  • It helps curate compliance management and audit preparation questionnaires and surveys patterns to fulfill existing and emerging regulatory standards.
  • The Library makes product information accessible, helps connect customers quicker and faster, and turns regulatory compliance easier while eliminating redundancies.

Fortress Information Security revealed a new way for suppliers to engage with their customers and provide pivotal information about their supply chain security practices. The company introduced a new supplier-centered marketplace, Asset to Vendor (A2V) Library Trust Center, to offer patrons an enhanced ability to share and update cybersecurity information and provide product marketing materials.

“Information within the A2V Library that so many of our patrons require can now be efficiently shared, monitored, and administered by suppliers to enable their mutual success,” said Betsy Soehren Jones, COO at Fortress. “The Library is designed to make product information accessible, communications to customers quicker and faster, and regulatory compliance easier while eliminating redundancies.”

With A2V Library, vendors and Original Equipment Manufacturers (OEMs) can control the information provided to their customers, such as security attestations, completed North American Transmission Forum (NATF) questionnaires, and third-party certifications. After uploading information to the Trust Center, suppliers need to select whether to share the information with all A2V members or only grant access upon request from members on a case-by-case basis. This will help many suppliers solve the problem of receiving and exchanging security controls questionnaires from various prospects or clients. All of these clients are phrased slightly differently but are essentially the same.

The supplier Trust Center provides users with the following important capabilities –

  • Helps curate compliance management and audit preparation questionnaires and surveys patterns to fulfill existing and emerging regulatory standards.
  • Handles data-driven risk ranking that leverages AI and open-source intelligence to check supplier assets’ criticality and cyber maturity.
  • Supplier validated product assessments that give visibility to vulnerabilities, patch history, and security controls.
  • Details of suppliers’ geopolitical relationships, products, and 4th party suppliers.
  • Patented blockchain technology to securely share software and hardware (bill of materials) analyses designed to uncover open-source vulnerabilities, product components, and geopolitical affiliations.
  • Continuous monitoring of all active suppliers, their customers, and 4th party vendors.

The expansion of the A2V Library has come as the Department of Energy’s (DOE) response to President Biden’s Executive Order 14017 with a special program called the Energy Sector Industrial Base (ESIB).

Especially, the ESIB called for the DOE to work with industry and “(a)ssess the installed base of digital components in critical energy systems to determine the prevalence and prioritize cyber supply chain risks and mitigation actions.”

With A2V Library, suppliers can quickly share updates regarding their compliance and security tactics as Russian affairs continue to unfold, keeping their customers aware of continuously evolving security measures.

Supply chain attacks are continuously increasing. After assessing the current geopolitical conflict, it has become clear that cyberweapons are now acceptable elements of modern warfare. Fortress said that it is time to prioritize increased industry-wide communication. Securing information sharing is the roadmap to increased cybersecurity awareness.