Date Published: March 2020
Comments Due: April 17, 2020 (public comment period is CLOSED)
Email Questions to: scrm-nist@nist.gov
, , , ,
This draft document describes a prototype tool developed to show a possible solution for filling the gap between an organization's risk appetite and supply chain risk posture by providing a basic measurement of the potential impact of a cyber supply chain event. This tool does not represent a complete supply chain risk management solution, but is intended to be integrated into or used in concert with tools such as third-party management, enterprise resource planning, and supply chain management efforts. Comments related to additional functionality or other aspects of the tool may be used to develop future versions of the software.
System and Services Acquisition
Publication:
NISTIR 8272 (Draft) (DOI)
Local Download
Supplemental Material:
CSRC: Source Code, Sample Data, and Installer Packages (web)
GitHub: Source Code, Sample Data, and Installer Packages (web)
Document History:
03/13/20: NISTIR 8272 (Draft)
08/25/20: NISTIR 8272
Security and Privacy
analytics; cyber supply chain risk management