Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Updates 2021

NIST's Key Practices in Cyber Supply Chain Risk Management: Observations from Industry--NISTIR 8276
February 11, 2021

NIST announces the release of NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management (C-SCRM): Observations from Industry. This final document provides the ever-increasing community of digital businesses a set of Key Practices that any organization can use to manage cybersecurity risks associated with their supply chains.

The Key Practices presented in this document can be used to implement a robust C-SCRM function at an organization of any size, scope, or complexity. These practices combine the information contained in existing C-SCRM government and industry resources with the information gathered during the 2015 and 2019 NIST research on industry best practices. The Key Practices also include 24 actionable recommendations that synthesize how these practices can be implemented from a people, process, and technology perspective.

Related Topics

Security and Privacy: cybersecurity supply chain risk management

Applications: cybersecurity framework

Created February 11, 2021