Draft NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency enterprise risk management activities by applying a multi-tiered SCRM-specific approach, including supply chain risk assessments and supply chain risk mitigation activities and guidance.
NIST requests comments on Draft NIST SP 800-161 by October 15, 2013. Please submit comments to scrm-nist@nist.gov with "Comments NIST SP 800-161" in the subject line.