U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST Risk Management Framework RMF

Supply Chain

Overlay Name:  NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations

Overlay Publication Date: April 2015

Technology or System: Cyber Supply Chain

Overlay Author: Jon Boyens (NIST), Celia Paulsen (NIST), Rama Moorthy (Hatha Systems), Nadya Bartol (Utilities Telecom Council)

Comments: Identification and augmentation of information and communications technology (ICT) supply chain risk management (SCRM)-related controls in SP 800-53, Revision 4.  Refer to Chapter 3 for the ICT SCRM Controls. The audience for this publication is federal agency personnel involved in engineering/developing, testing, deploying, acquiring, maintaining, and retiring Information and Communications Technology (ICT) components and systems. 

Overlay Point of Contact: Jon Boyens 

 

Download Overlay

 


Return to Control Overlay Repository Overview

Disclaimer Statement The National Institute of Standards and Technology (NIST) has established the Security Overlay Repository as a public service. Security control overlays are made available by NIST on an “AS IS” basis with NO WARRANTIES   Some submitted overlays may be available for free while others may be made available for a fee.  It is the responsibility of the User to comply with the Terms of Use of any given overlay. Overlay users are solely responsible for determining the appropriateness of using and distributing the security control overlays.  User assumes all risks associated with their use, including but not limited to compliance with applicable laws; damage to or loss of data, programs or equipment; and the unavailability or interruption of operation. NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY

Created November 30, 2016, Updated October 05, 2022