U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Cybersecurity Supply Chain Risk Management C-SCRM

NIST-Sponsored Research

NIST regularly conducts and awards contracts, grants, or cooperative agreements to conduct research into cybersecurity supply chain risk management (C-SCRM) and related topics. The following are relevant research activities:


Cyber Risk Analytics: A NIST and GSA-Sponsored grant from 2015-2017 examining the relationship between various risk management practices and publicly disclosed breaches.

Industry C-SCRM Best Practices: Ongoing work developing case studies exploring effective risk management practices used by various industry organizations. 

Cyber Risk Portal: An Enterprise Risk Assessment Application developed by the University of Maryland from grants awarded in 2010 and 2012.

C-SCRM Environmental Scan: From a grant awarded in 2010, the University of Maryland researched existing standards documents related to SCRM.


To submit a grant / cooperative agreement proposal, please see https://www.nist.gov/itl/how-work-us/itl-grants-program.

Created May 24, 2016, Updated November 30, 2021