C-SCRM News & Events

• July 10, 2017
  NIST Releases Draft NIST Interagency Report (NISTIR) 8179, Criticality Analysis Process Model
  
  NIST is seeking comments on Draft NIST IR 8179, Criticality Analysis Process Model. This publication describes a structured method of prioritizing programs, systems, and components based on their importance to the goals of an organization and the impact that their inadequate operation or loss may present to those goals.
  Comments may be submitted here or by sending an email to nistir-8179-comments@nist.gov. NIST is accepting comments through Aug. 18, 2017.

---

• February 16, 2016
  Trustworthy Suppliers Framework Forum
  February 16, 2016
  NIST, Gaithersburg, MD
  

  ---

• October 1-2, 2015
  Best Practices in Cyber Supply Chain Risk Management
  October 1-2, 2015
  NIST Gaithersburg, MD
  Save the Date
  Agenda

  ---

• July 17, 2015
  NIST is pleased to announce the publication of a report by the University of Maryland’s Supply Chain Management Center titled “Leveraging the Cyber Risk Portal as a Teaching & Education Tool”. The report, which stems from a NIST grant, details updates and new content developed for the Cyber Risk Portal. These activities build on the series of enterprise IT supply chain risk management tools from a previous NIST grant. The University of Maryland enhanced the usability of the portal by conducting a re-design of the user interface and developing new educational multi-media content, including video interviews of subject matter experts and content-specific tutorials. In addition, the report details results of several additional market testing and opportunity research, including discussions with the insurance industry and critical sectors of the federal community.
   

  ---

• April 9, 2015 -- NIST is pleased to announce the release of NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations.
   
  Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain. These risks are associated with the federal agencies’ decreased visibility into, understanding of, and control over how the technology that they acquire is developed, integrated and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services.
   
  Special Publication 800-161: (i) provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations; (ii) integrates ICT supply chain risk management (SCRM) into federal agency risk management activities by applying a multi-tiered, SCRM-specific approach, including guidance on assessing supply chain risk and applying mitigation activities; and, (iii) builds on existing practices from multiple disciplines and is intended to increase the ability of organizations to strategically manage ICT supply chain risks over the entire life cycle of systems, products, and services.
   
  For information on NIST’s ICT SCRM Program, please visit: http://csrc.nist.rip/scrm/
  
   

  ---

• June 2014 -- NIST announces that Draft Special Publication (SP) 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, has been released for public comment - can be accessed either by the SCRM Publications page OR the CSRC Drafts page.
   

  ---

• October 21, 2013 -- Due to the recent government shutdown, NIST is extending the comment period for NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations. Comments are now due by November 1, 2013.
   
  This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency enterprise risk management activities by applying a multi-tiered SCRM-specific approach, including supply chain risk assessments and supply chain risk mitigation activities and guidance.
   
  (NOTE: This draft has been updated with the Second Draft -- see news item above (June 2014) to learn more about the second draft of this document.)
   

  ---

• July 10, 2013 – A Summary of the Workshop on Information and Communication Technologies Supply Chain Risk Management held October 15-16, 2012 is now available on-line .
   

  ---

• NIST is pleased to announce a report by the University of Maryland’s Supply Chain Management Center. The report, which stems from a NIST grant, provides a proof of concept for an information and communication technology supply chain risk management assessment delivered through web site portal. The proof of concept utilizes work from previous NIST grants and features four major functions: an Enterprise Assessment Section; a Library Section; a Forum Section; and, an Initiatives Section.
   

  ---

• October 25, 2012 -- The presentations from the ICT Supply Chain Risk Management workshop (Oct. 15-16, 2012) are now available here.
   

  ---

• NIST is pleased to announce the release of the NIST Interagency Report (NIST IR) 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. (Oct. 2012) Click here to view NISTIR 7622.
  
  This publication is intended to provide a wide array of practices that, when implemented, will help mitigate supply chain risk. It seeks to equip federal departments and agencies with a notional set of repeatable and commercially reasonable supply chain assurance methods and practices that offer a means to obtain an understanding of, and visibility throughout, the supply chain.