<?xml version="1.0" encoding="UTF-8"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1" xmlns:video="http://www.google.com/schemas/sitemap-video/1.1"><url><loc>https://supplychainsecurityhandbook.com/blog/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/blog/2026/01/05/welcome-to-the-handbook/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/blog/2026/04/02/axios-npm-compromise/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/blog/2026/04/09/eu-ict-supply-chain-toolbox/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/blog/2026/05/14/ai-sbom-minimum-elements/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/practices-controls/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/practices-controls/10-best-practices/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/practices-controls/audit-compliance-readiness/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/practices-controls/product-acceptance-supply-chain-trust/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/practices-controls/secure-development-release-governance/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/practices-controls/secure-updates-lifecycle-monitoring/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/practices-controls/software-components-vulnerability-management/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/practices-controls/supplier-assurance-procurement/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/practices-controls/supply-chain-assurance-implementation/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/practices-controls/supply-chain-security-lifecycle-map/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/curated-references/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/evidence-checklist/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/evidence-maturity-model/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/evidence-package-template/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/glossary/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/standards-evidence-technology-mapping/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/supplier-security-questions/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/worked-examples/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/worked-examples/component-provenance-example/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/worked-examples/product-acceptance-package/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/worked-examples/secure-update-approval/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/worked-examples/supplier-onboarding-evidence-package/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/worked-examples/vulnerability-response-evidence/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/resources/worked-examples/weak-vs-strong-supplier-answers/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/standards-regulations/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/standards-regulations/eu-cyber-resilience-act/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/standards-regulations/eu-cyber-resilience-act/etsi-en-304-623-boot-managers/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/standards-regulations/iec-62443/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/standards-regulations/nis2/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/standards-regulations/nist-sp-800-161/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/standards-regulations/nist-ssdf/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/threats/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/threats/product-component-trust-failures/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/threats/software-update-chain-compromise/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/standards-threats/threats/supplier-assurance-failures/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/start-here/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/start-here/audit-compliance-assurance/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/start-here/procurement-supplier-assurance/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/start-here/product-security/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/start-here/standards-compliance-mapping/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/start-here/supplier-manufacturer/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/start-here/technical-implementation/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/technology-options/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/technology-options/attestation-measured-state/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/technology-options/choosing-technology-options/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/technology-options/evidence-exchange-verifier-workflows/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/technology-options/evidence-repositories-logs-retention/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/technology-options/sbom-vex-component-visibility/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/technology-options/secure-update-recovery-mechanisms/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/technology-options/signing-keys-credentials/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url><url><loc>https://supplychainsecurityhandbook.com/technology-options/trust-anchors-device-identity/</loc><changefreq>weekly</changefreq><priority>0.5</priority></url></urlset>