The Inner Circle

 View Only

NIST SP 800-161 Revision 1 Cybersecurity Supply Chain Risk Management Practices for Systems and Organization

  • 1.  NIST SP 800-161 Revision 1 Cybersecurity Supply Chain Risk Management Practices for Systems and Organization

    Posted May 05, 2022 09:18:00 AM
      |   view attached
    Hi All,


    NIST has released a revision of Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (NIST Special Publication 800-161 Revision 1). This document updates guidance on identifying, assessing, and responding to cybersecurity risks throughout the supply chain at all levels of an organization.

    Among other things, it helps to fulfill NIST's responsibilities under the 2021 Executive Order (EO) on Improving the Nation's Cybersecurity which addresses increasing software security risks throughout the supply chain. That part of the revised publication, Appendix F, covers sections 4(c) and (d) of the EO and is available only on NIST's EO website HERE - https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chainss
    The publication offers key practices for organizations to adopt as they develop their capability to manage cybersecurity risks within and across their supply chains. It also encourages organizations to consider the vulnerabilities not only of a finished product they are considering using but also of its individual components - which may have been developed elsewhere - and the journey those components took to reach their destination. The development of this document follows two earlier draft revisions.
    Questions about the publication can be submitted via [email protected].

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------