Try the new CSRC.nist.gov and let us know what you think!
(Note: Beta site content may not be complete.)
News & Events
Best Practices in Cyber Supply Chain Risk Management
October 1-2, 2015
NIST Gaithersburg, MD.
{April 2015} -- NIST is pleased to announce the release of NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations.
{Dec. 2012} -- NIST is pleased to announce a report by the University of Maryland’s Supply Chain Management Center: Proof of Concept for an Enterprise ICT SCRM Assessment Package
Contact
General Inquires
scrm-nist@nist.gov
Jon Boyens
Project Lead
boyens@nist.gov
301-975-5549
Celia Paulsen
Technical Lead
celia.paulsen@nist.gov
301-975-5981
Industry Best Practices for Cyber SCRM
The NIST Framework for Improving Critical Infrastructure Cybersecurity ("the Framework") released in February 2014 was published simultaneously with the companion Roadmap for Improving Critical Infrastructure Cybersecurity. The Roadmap identified Supply Chain Risk Management as an area for future focus. Since the release of the Framework and in support of the companion Roadmap, NIST has researched industry best practices for cyber supply chain risk management through engagement with industry leaders.
The following are case studies conducted by NIST:
- Boeing and Exostar
- Cisco
- Communications Company
- Deere
- Dupont
- Exelon
- Fire Eye
- Fujitsu
- Great River Energy (GRE)
- Intel
- Juniper
- NetApp
- Northrop Grumman
- P&G
- Resilinc
- Schweitzer Engineering Laboratories, Inc. (SEL)
- Smart Manufacturing
- Utility
In October 2015, NIST held a workshop to discuss research findings. The following are briefing papers given to attendees of the workshop:
- Best Practices in Vendor Selection and Management
- Business Case for Cyber Supply Chain Risk Management
- Organizational Strategies for Cyber Supply Chain Risk
Management - Cyber Supply Chain Standards Mapping and Roadmap
- Cyber Supply Chain Best Practices