U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

New EO Guidance for Cybersecurity Supply Chain Risk Management
May 05, 2022

NIST has released a revision of Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (NIST Special Publication 800-161 Revision 1). This document updates guidance on identifying, assessing, and responding to cybersecurity risks throughout the supply chain at all levels of an organization. Among other things, it helps to fulfill NIST’s responsibilities under the 2021 Executive Order (EO) on Improving the Nation’s Cybersecurity which address increasing software security risks throughout the supply chain. That part of the revised publication, Appendix F, covers sections 4(c) and (d) of the EO and is available only on NIST’s EO website HERE.

The publication offers key practices for organizations to adopt as they develop their capability to manage cybersecurity risks within and across their supply chains. It also encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its individual components — which may have been developed elsewhere — and the journey those components took to reach their destination. The development of this document follows two earlier draft revisions.

The publication is available HERE and today’s NIST news release is available HERE. Questions about the publication can be submitted via scrm-nist@nist.gov.



Related Topics

Security and Privacy: acquisition, cybersecurity supply chain risk management

Laws and Regulations: Executive Order 14028

Created May 04, 2022, Updated May 05, 2022