
National Online Informative References Program OLIR

SP800-161-to-SP800-53-Rev-4 Informative Reference Details


Informative Reference Information

Status:
Work-in-Progress Draft

Informative Reference Version:
1.0.0

Focal Document Version:
800-53 Rev. 4

Summary:
This publication provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency risk management activities by applying a multitiered, SCRM-specific approach, including guidance on assessing supply chain risk and applying mitigation activities.

Target Audience:
ICT SCRM is an organization-wide activity that should be directed under the overall agency governance, regardless of the specific organizational structure. At the organization level, ICT SCRM activities should be led by the risk executive function, described in [NIST SP 800-39], and implemented throughout the organization by a variety of individuals in different roles. The audience for this publication is federal agency personnel involved in engineering/developing, testing, deploying, acquiring, maintaining, and retiring ICT components and systems. These functions may include, but are not limited to, information technology, information security, contracting, risk executive, program management, legal, supply chain and logistics, acquisition and procurement, other related functions, and system owner. Other personnel or entities are free to make use of the guidance as appropriate to their situation.

Comprehensive:
Yes

Comments:
Please note that the following controls, control enhancements, and control families have not been included in this work-in-progress draft, as they are not part of the SP 800-53 Rev. 4 Focal Document template:
• MA-7 - Maintenance Monitoring and Information Sharing
• PV-1 - Provenance Policy and Procedures
• PV-2 - Tracking Provenance and Developing a Baseline
• PV-2(1) - Tracking Provenance and Developing a Baseline | Automated and Repeatable Processes
• PV-3 - Auditing Roles Responsible for Provenance
• SA-18(3) - Tamper Resistance and Detection | Return Policy

Point of Contact:
olir@nist.gov

Category of Submitter:
Public Sector

Dependencies/Requirements:
N/A

Citations:

SHA3-256:
70a8b679078718a6c89862f0ddc987b97d332f4287b40b1a589cc08e81663967
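The page publishes a SHA3-256 digest but does not state which artifact it covers, so a practitioner who downloads the Informative Reference or the SP 800-161 PDF should recompute the digest locally and compare it with the published value before relying on the file. The following is an added example, not code from the OLIR program or NIST; the sample bytes are constructed, the digest from the page is not reproduced, and the file path in `verify_file` is whatever you downloaded to.

```python
"""Verify a downloaded document against a published SHA3-256 digest.

Added example; not part of the OLIR page or of any NIST tooling. SAMPLE_DOC
is a constructed stand-in for a downloaded reference document.
"""
import hashlib
import hmac
import re

# A SHA3-256 digest is 32 bytes, i.e. 64 lowercase hex characters.
HEX_DIGEST_RE = re.compile(r"^[0-9a-f]{64}$")


def normalize_digest(published: str) -> str:
    """Clean up a digest copied from a web page before comparing it.

    Strips surrounding and embedded whitespace (copy-paste line breaks),
    lowercases, and drops an optional 'SHA3-256:' label. Raises ValueError
    if what remains is not a 64-hex-character digest, so a truncated or
    mangled value is never silently treated as a mismatch.
    """
    d = published.strip().lower()
    d = re.sub(r"^sha3-256[:\s]+", "", d)
    d = "".join(d.split())
    if not HEX_DIGEST_RE.match(d):
        raise ValueError("published value is not a 64-hex-char SHA3-256 digest")
    return d


def sha3_256_hex(data: bytes) -> str:
    """SHA3-256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha3_256(data).hexdigest()


def sha3_256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA3-256 of a file, streamed in chunks so a large PDF is not read whole."""
    h = hashlib.sha3_256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_bytes(data: bytes, published: str) -> bool:
    """True if data hashes to the published digest (constant-time compare)."""
    return hmac.compare_digest(sha3_256_hex(data), normalize_digest(published))


def verify_file(path: str, published: str) -> bool:
    """True if the file at path hashes to the published digest."""
    return hmac.compare_digest(sha3_256_file(path), normalize_digest(published))


# Constructed stand-in for a downloaded reference document.
SAMPLE_DOC = b"%PDF-1.4\n% constructed stand-in for a downloaded reference document\n"

if __name__ == "__main__":
    # In practice `published` is the digest copied from the catalog page.
    published = sha3_256_hex(SAMPLE_DOC)
    print("match:   ", verify_bytes(SAMPLE_DOC, published))
    print("tampered:", verify_bytes(SAMPLE_DOC + b"\x00", published))
```

The comparison uses `hmac.compare_digest` rather than `==` so that a mismatch is not distinguishable by timing, and the digest is validated before comparison so a copy-paste truncation fails loudly instead of looking like a tampered file. Note that a matching digest proves only that you have the same bytes the publisher hashed; it does not by itself tell you that the published digest is authentic, which is why the digest should be read from the catalog page over HTTPS and not from the download itself.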

Authority

Owner

Reference Document Author:
National Institute of Standards and Technology

Reference Document:
SP 800-161

Reference Document Date:
04/01/2015

Reference Document URL:
https://csrc.nist.rip/external/nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161.pdf

Reference Developer:
National Institute of Standards and Technology

Posted Date:
August 17, 2021

Contacts

National Online Informative References Program
olir@nist.gov

Topics

Security and Privacy: testing & validation

Applications: cybersecurity framework

Created September 08, 2020, Updated December 08, 2021