NIST Risk Management Framework RMF

Supply Chain

Overlay Name: NIST SP 800-161, Rev. 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

Overlay Publication Date: May 2022

Technology or System: Cyber Supply Chain

Overlay Author: Jon Boyens (NIST), Angela Smith (NIST), Nadya Bartol (BCG), Kris Winkler (BCG), Alex Holbrook (BCG), Matthew Fallon (BCG)

Comments: Identification and augmentation of cybersecurity supply chain risk management (C-SCRM)-related controls in SP 800-53, Revision 5. Refer to SP 800-161r1, Appendix A, for the C-SCRM Controls.

C-SCRM is an enterprise-wide activity that should be directed from a governance perspective, regardless of the specific enterprise structure. This publication is intended to serve a diverse audience involved in C-SCRM, including those responsible for:

  • Risk management and oversight
  • Project management
  • Systems development
  • Acquisition and procurement
  • Security and privacy implementation and operations
  • Security and privacy assessment and monitoring
  • Creating component products and systems
  • Building security and privacy technologies

Overlay Point of Contact: Jon Boyens 

 


Disclaimer Statement: The National Institute of Standards and Technology (NIST) has established the Security Overlay Repository as a public service. Security control overlays are made available by NIST on an “AS IS” basis with NO WARRANTIES. Some submitted overlays may be available for free while others may be made available for a fee. It is the responsibility of the User to comply with the Terms of Use of any given overlay. Overlay users are solely responsible for determining the appropriateness of using and distributing the security control overlays. User assumes all risks associated with their use, including but not limited to compliance with applicable laws; damage to or loss of data, programs or equipment; and the unavailability or interruption of operation. NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY.

Created November 30, 2016, Updated May 08, 2024