NIST regularly conducts research into cyber supply chain risk management (C-SCRM) and related topics, and awards contracts, grants, or cooperative agreements for such research. The following are relevant research activities:
Cyber Risk Analytics: A NIST- and GSA-sponsored grant from 2015 to 2017 examining the relationship between various risk management practices and publicly disclosed breaches.
Industry C-SCRM Best Practices: Ongoing work developing case studies exploring effective risk management practices used by various industry organizations.
Cyber Risk Portal: An Enterprise Risk Assessment Application developed by the University of Maryland from grants awarded in 2010 and 2012.
C-SCRM Environmental Scan: From a grant awarded in 2010, the University of Maryland researched existing standards documents related to SCRM.
To submit a grant / cooperative agreement proposal, please see https://www.nist.gov/itl/how-work-us/itl-grants-program.
Security and Privacy: controls assessment, cyber supply chain risk management, information sharing, malware, risk assessment, security controls, security measurement, security programs & operations, systems security engineering, vulnerability management
Technologies: cloud & virtualization, hardware, software & firmware
Applications: communications & wireless, cybersecurity framework
Laws and Regulations: Comprehensive National Cybersecurity Initiative, Cybersecurity Enhancement Act, Cybersecurity Strategy and Implementation Plan, Cyberspace Policy Review, Executive Order 13636, Federal Acquisition Regulation, Federal Information Security Modernization Act, Homeland Security Presidential Directive 12, OMB Circular A-130