Organizations are increasingly required to enhance their Cybersecurity Supply Chain Risk Management (C-SCRM) practices due to new regulations in the U.S. and EU. These regulations mandate certifications, reporting, and responsibilities for both public and private sectors to build trust in supply chain security. Key initiatives like the EU’s Cyber Resilience Act (CRA) and National Information Security Directive (NIS2) focus on improving cybersecurity standards and enforcing compliance, emphasizing risk management and timely incident reporting. The U.S. CMMC framework similarly aims to bolster security among defense contractors.

Source: https://www.scmr.com/article/regulations-are-forcing-organizations-to-address-software-supply-chain-security