NIST SP 800-161r1 C-SCRM Due Diligence Assessment Quick-Start Guide for Public Comment

    Posted Oct 30, 2024 09:10:00 AM

    Hi All,

    NIST Releases the C-SCRM Due Diligence Assessment Quick-Start Guide for Public Comment

    Cybersecurity supply chain risk management (C-SCRM) assessments start with due diligence. Acquirers making procurement decisions need to be informed about potential supplier risks before those decisions are executed. Consequently, many acquisition operating procedures strongly recommend - or even require - assessing a supplier's risk before entering into an agreement with them.

    Based on the widely adopted content in NIST Special Publication (SP) 800-161r1, this new draft Quick-Start Guide proposes an implementation-ready approach to conducting due diligence: the minimum amount of investigative rigor on potential suppliers. Identifying the primary risk factors that an acquirer should consider on its potential suppliers can enable quicker turnarounds with limited resources.

    NIST welcomes comments on this initial public draft by December 16, 2024. Please email feedback to [email protected].

    ------------------------------
    Michael Roza CPA, CISA, CIA, CC, CCSKv5, CCZTv1, MBA, EMBA, CSA
    ------------------------------