U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

NISTIR 8276

Key Practices in Cyber Supply Chain Risk Management: Observations from Industry

Date Published: February 2021

Author(s)

Jon Boyens (NIST), Celia Paulsen (NIST), Nadya Bartol (Boston Consulting Group), Kris Winkler (Boston Consulting Group), James Gimbi (Boston Consulting Group)

Abstract

Keywords

best practices; cyber supply chain risk management; C-SCRM; external dependency management; information and communication technology supply chain risk management; ICT SCRM; key practices; risk management; supplier; supply chain; supply chain assurance; supply chain risk; supply chain risk assessment; supply chain risk management; supply chain security; third-party risk management
Control Families

None selected

Documentation

Publication:
NISTIR 8276 (DOI)
Local Download

Supplemental Material:
Cyber SCRM Key Practices and Case Studies (other)

Document History:
02/04/20: NISTIR 8276 (Draft)
02/11/21: NISTIR 8276 (Final)

Topics

Security and Privacy
cybersecurity supply chain risk management

Applications
cybersecurity framework