Cyber Supply Chain Risk Management
Industry Best Practices For Cyber SCRM
The NIST Framework for Improving Critical Infrastructure Cybersecurity ("the Framework"), released in February 2014, was published simultaneously with the companion Roadmap for Improving Critical Infrastructure Cybersecurity. The Roadmap identified Supply Chain Risk Management as an area for future focus. Since the release of the Framework, and in support of the companion Roadmap, NIST has researched industry best practices for cyber supply chain risk management through engagement with industry leaders. The following are case studies conducted by NIST:
In October 2015, NIST held a workshop to discuss research findings. The following are briefing papers given to attendees of the workshop:
Topics
Security and Privacy:
controls assessment, cyber supply chain risk management, information sharing, malware, risk assessment, security controls, security measurement, security programs & operations, systems security engineering, vulnerability management
Applications:
cybersecurity framework
Technologies:
cloud & virtualization, communications & wireless, firmware, hardware, software
Laws and Regulations:
Comprehensive National Cybersecurity Initiative, Cybersecurity Enhancement Act, Cybersecurity Strategy and Implementation Plan, Cyberspace Policy Review, Executive Order 13636, Federal Acquisition Regulation, Federal Information Security Modernization Act, Homeland Security Presidential Directive 12, OMB Circular A-130
Created May 24, 2016, Updated October 09, 2018