Status:
Work-in-Progress Draft
Informative Reference Version:
1.0.0
Focal Document Version:
800-53 Rev. 4
Summary:
This publication provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations. The publication integrates ICT supply chain risk management (SCRM) into federal agency risk management activities by applying a multitiered, SCRM specific approach, including guidance on assessing supply chain risk and applying mitigation activities.
Target Audience:
ICT SCRM is an organization-wide activity that should be directed under the overall agency governance, regardless of the specific organizational structure. At the organization level, ICT SCRM activities should be led by the risk executive function, described in [NIST SP 800-39], and implemented throughout the organization by a variety of individuals in different roles. The audience for this publication is federal agency personnel involved in engineering/developing, testing, deploying, acquiring, maintaining, and retiring ICT components and systems. These functions may include, but are not limited to, information technology, information security, contracting, risk executive, program management, legal, supply chain and logistics, acquisition and procurement, other related functions, and system owner. Other personnel or entities are free to make use of the guidance as appropriate to their situation.
Comprehensive:
Yes
Comments:
Point of Contact:
olir@nist.gov
Category of Submitter:
Public Sector
Dependencies/Requirements:
N/A
Citations:
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
