Date Published: February 2020
Comments Due: March 4, 2020 (public comment period is CLOSED)
Email Questions to: scrm-nist@nist.gov
, , , ,
Since the release of the Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) and its companion, Roadmap for Improving Critical Infrastructure Cybersecurity in 2014, NIST has researched industry practices in cyber supply chain risk management (C-SCRM) through engagement with industry leaders.
This publication is based on: an analysis of interviews with companies in 2015 and 2019, which led to the development of 24 case studies; prior NIST research in cyber supply chain risk management; and a number of standards and industry best practices documents. NISTIR 8276 is intended to provide a high-level summary of practices deemed by subject matter experts to be foundational to an effective cyber supply chain risk management program.
NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
None selected
Publication:
NISTIR 8276 (Draft) (DOI)
Local Download
Supplemental Material:
Cyber SCRM Key Practices and Case Studies (other)
NIST news article (other)
Document History:
02/04/20: NISTIR 8276 (Draft)
02/11/21: NISTIR 8276 (Final)
Security and Privacy
cybersecurity supply chain risk management
Applications
cybersecurity framework