Date Published: June 23, 2022
Comments Due: August 8, 2022 (public comment period is CLOSED)
Email Questions to:
supplychain-nccoe@nist.gov
Planning Note (07/20/2022):
The comment period has been extended to August 8, 2022 (originally July 25th).
What Is This Guide About?
Technologies today rely on complex, globally distributed and interconnected supply chain ecosystems to provide reusable solutions. Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Managing cyber supply chain risks requires, in part, ensuring the integrity, quality, and resilience of the supply chain and its products and services. This project demonstrates how organizations can verify that the internal components of their computing devices are genuine and have not been altered during the manufacturing or distribution processes.
Share Your Expertise
Please download the document and share your expertise with us to strengthen the draft practice guide. The public comment period for this draft is now open and will close on July 25th, 2022. You can stay up to date on this project by sending an email to supplychain-nccoe@nist.gov to join our Community of Interest. Also, if you have any project ideas for our team, please let us know by sending an email to the email address above. We look forward to your feedback.
Additional NIST Supply Chain Work
NIST is also working on an important effort, the National Initiative for Improving Cybersecurity in Supply Chains (NIICS), with the private sector and others in government to improve cybersecurity in supply chains. This initiative will help organizations to build, evaluate, and assess the cybersecurity of products and services in their supply chains, an area of increasing concern.
Configuration Management; System and Information Integrity
Publication:
NIST SP 1800-34 ipd (pdf)
Supplemental Material:
Project homepage
Document History:
11/22/21: SP 1800-34 (Draft)
06/23/22: SP 1800-34 (Draft)
12/09/22: SP 1800-34 (Final)
asset management, configuration management, continuous monitoring, cybersecurity supply chain risk management, roots of trust, vulnerability management
Technologies