Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

This is an archive
(replace .gov by .rip)

SP 800-161

Supply Chain Risk Management Practices for Federal Information Systems and Organizations

Date Published: April 2015


Jon Boyens (NIST), Celia Paulsen (NIST), Rama Moorthy (Hatha Systems), Nadya Bartol (Utilities Telecom Council)



acquire; information and communication technology supply chain risk management; ICT SCRM; risk management; supplier; supply chain; supply chain risk; supply chain risk management; supply chain assurance; supply chain security
Control Families

Access Control; Audit and Accountability; Awareness and Training; Security Assessment and Authorization; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Program Management; Risk Assessment; System and Communications Protection; System and Information Integrity; System and Services Acquisition;


SP 800-161 (DOI)
Local Download

Supplemental Material:
None available


Security and Privacy
acquisition; incident response; maintenance; planning; risk assessment

supply chain

Laws and Regulations
OMB Circular A-130