The Inner Circle

NIST Special Publication 800-161 Rev. 1, Cybersecurity Supply Chain Risk Management Practices Draft 2 for Comment

    Posted Dec 02, 2021 12:47:00 AM
    Hi All,

    NIST just extended the comment date for NIST Special Publication 800-161 Rev. 1, Cybersecurity Supply Chain Risk Management Practices Draft 2.

    Organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain. These risks are associated with an enterprise's decreased visibility into, and understanding of, how the technology that they acquire is developed, integrated, and deployed, as well as the processes, procedures, and practices used to assure the security, resilience, reliability, safety, integrity, and quality of the products and services.

    This publication provides guidance to organizations on identifying, assessing, and mitigating cyber supply chain risks at all levels of their organizations. The publication integrates cyber supply chain risk management (C-SCRM) into risk management activities by applying a multi-level, C-SCRM-specific approach, including guidance on development of C-SCRM strategy implementation plans, C-SCRM policies, C-SCRM plans, and C-SCRM risk assessments for products and services.


    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------