U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST IR 8272 (Initial Public Draft)

Impact Analysis Tool for Interdependent Cyber Supply Chain Risks

Date Published: March 2020
Comments Due: April 17, 2020 (public comment period is CLOSED)
Email Questions to: scrm-nist@nist.gov

Author(s)

Celia Paulsen (NIST), Kris Winkler (Boston Consulting Group), Jon Boyens (NIST), Jeffrey Ng (Boston Consulting Group), James Gimbi (Boston Consulting Group)

Announcement

This draft document describes a prototype tool developed to show a possible solution for filling the gap between an organization's risk appetite and supply chain risk posture by providing a basic measurement of the potential impact of a cyber supply chain event. This tool does not represent a complete supply chain risk management solution, but is intended to be integrated into or used in concert with tools such as third-party management, enterprise resource planning, and supply chain management efforts. Comments related to additional functionality or other aspects of the tool may be used to develop future versions of the software.

Abstract

Keywords

C-SCRM; cyber supply chain risk management; risk management; secure supply chain; supply chain; supply chain assurance; supply chain dependencies; supply chain risk; supply chain risk management; supply chain security
Control Families

System and Services Acquisition