NIST publishes guidance on supply chain risk management practices

Published: Tuesday, 14 April 2015 07:43

NIST has announced the release of NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations.

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain.

Special Publication 800-161 provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations. It also covers integrating ICT supply chain risk management (SCRM) into federal agency risk management activities by applying a multi-tiered, SCRM-specific approach, including guidance on assessing supply chain risk and applying mitigation activities. The publication builds on existing practices from multiple disciplines and is intended to increase the ability of organizations to strategically manage ICT supply chain risks over the entire life cycle of systems, products, and services.

Read the document (PDF).