Cybersecurity Supply Chain Risk Management
Cybersecurity Supply Chain Risk Management C-SCRM
News and Updates
Second Draft SP 800-161 Rev. 1 Available for Comment
October 28, 2021
A second public draft of Special Publication (SP) 800-161 Revision 1, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," is open for comment through December 10, 2021.
NISTIR 8276 Key Practices in C-SCRM
February 11, 2021
NIST announces the publication of NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management: Observations from Industry.
NISTIR 8179 Criticality Analysis Process Model
April 11, 2018
NIST is releasing NIST Internal Report (NISTIR) 8179, Criticality Analysis Process Model: Prioritizing Systems and Components, to help organizations identify those systems and components that are most vital and which may need...
Cyber Risk Predictive Analytics Project Report
December 1, 2017
NIST is pleased to announce the publication of a report by the University of Maryland’s Supply Chain Management Center titled “The Cyber Risk Predictive Analytics Project”.
NIST Announces the release of NIST SP 800-161
April 9, 2015
Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due...
Second Draft Special Publication 800-161
June 3, 2014
NIST announces that Draft Special Publication (SP) 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, has been released for public comment ....
Public Comment: NIST announces that Draft SP 800-161
October 21, 2013
This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations.
SECOND Public DRAFT of NIST Interagency Report 7622
March 23, 2012
NIST announces the second public draft of NIST Interagency Report (NISTIR) 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. This publication is intended to provide a wide array of...
Security and Privacy:
controls assessment, cybersecurity supply chain risk management, information sharing, malware, risk assessment, security controls, security measurement, security programs & operations, systems security engineering, vulnerability management
cloud & virtualization, hardware, software & firmware
communications & wireless, cybersecurity framework
Laws and Regulations:
Comprehensive National Cybersecurity Initiative, Cybersecurity Enhancement Act, Cybersecurity Strategy and Implementation Plan, Cyberspace Policy Review, Executive Order 13636, Federal Acquisition Regulation, Federal Information Security Modernization Act, Homeland Security Presidential Directive 12, OMB Circular A-130
Created May 24, 2016, Updated November 30, 2021