Decoding CTPAT Minimum Security Criteria Requirement 1

CTPAT has provided updated minimum-security criteria and based off of our expertise and client conversations, we have found that these requirements present a challenge to many businesses.

This will be the first of many that covers the requirements for 3PLs, Freight Forwarders, Importers/Exporters, and more.

The first requirement is:

CTPAT Members must have comprehensive written cybersecurity policies and/or procedures to protect information technology (IT) systems. The written IT policy at a minimum must cover all of the Individual Cybersecurity criteria.

There are many publicly available frameworks and resources to follow. When building your policy it is recommended that you map them to CTPAT’s minimum security criteria. We recommend that you document that in the policy and review it annually and whenever the minimum security criteria change.

Two common frameworks that businesses use are the CIS Top 20 or NIST.

We help customers decide how to define and implement these policies using our expertise and the best practices from our 7 Elements of Zero Trust Cybersecurity. After the policies are implemented, we help clients keep their policy up to date on the newest regulatory requirements and security trends.

If you have any questions about this requirement please schedule some time to chat

Share this:


Recent Posts