Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects FISMA Implementation Project NIST Security Control Overlay Repository SCOR Submission Process NIST-developed Overlay Submissions

FISMA Implementation Project FISMA

Supply Chain

Overlay Name:  NIST SP 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations

Overlay Version: 1

Technology or System: Supply Chain

Overlay Author: Jon Boyens (NIST), Celia Paulsen (NIST), Rama Moorthy (Hatha Systems), Nadya Bartol (Utilities Telecom Council)

Comments: The audience for this publication is federal agency personnel involved in engineering/developing, testing, deploying, acquiring, maintaining, and retiring Information and Communications Technology (ICT) components and systems. These functions may include, but are not limited to, information technology, information security, contracting, risk executive, program management, legal, supply chain and logistics, acquisition and procurement, other related functions, and system owner. Other personnel or entities are free to make use of the guidance as appropriate to their situation.

Overlay Point of Contact: Jon Boyens 301-975-5549/Celia Paulsen 301-975-5981

 

Download Overlay

 

Return to Security Control Overlay Repository Main Page

Disclaimer Statement The National Institute of Standards and Technology (NIST) has established the Security Overlay Repository as a public service. Security control overlays are made available by NIST on an “AS IS” basis with NO WARRANTIES   Some submitted overlays may be available for free while others may be made available for a fee.  It is the responsibility of the User to comply with the Terms of Use of any given overlay. Overlay users are solely responsible for determining the appropriateness of using and distributing the security control overlays.  User assumes all risks associated with their use, including but not limited to compliance with applicable laws; damage to or loss of data, programs or equipment; and the unavailability or interruption of operation. NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY

Contacts

Ron Ross
ron.ross@nist.gov

Victoria Yan Pillitteri
victoria.yan@nist.gov

Kelley Dempsey
kelley.dempsey@nist.gov

Eduardo Takamura
eduardo.takamura@nist.gov

Jeff Brewer
jeffrey.brewer@nist.gov

Jody Jacobs
jody.jacobs@nist.gov

Ned Goren
nedim.goren@nist.gov

Topics

Security and Privacy: risk management

Laws and Regulations: E-Government Act, Federal Information Security Modernization Act

Created November 30, 2016, Updated October 13, 2020