Draft Special Publication 800-161 provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency enterprise risk management activities by applying a multi-tiered SCRM-specific approach, including supply chain risk assessments and supply chain risk mitigation activities and guidance.
Due to the recent government shutdown, NIST is extending the comment period for NIST SP 800-161 by 14 days. Comments are now due by November 1, 2013. Please submit comments to scrm-nist@nist.gov with "Comments NIST SP 800-161" in the subject line.