Overlay Name: NIST SP 800-161, Rev. 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
Overlay Publication Date: May 2022
Technology or System: Cyber Supply Chain
Overlay Author: Jon Boyens (NIST), Angela Smith (NIST), Nadya Bartol (BCG), Kris Winkler (BCG), Alex Holbrook (BCG), Matthew Fallon (BCG)
Comments: Identification and augmentation of cybersecurity supply chain risk management (C-SCRM)-related controls in SP 800-53, Revision 5. Refer to SP 800-161r1, Appendix A, for the C-SCRM Controls.
C-SCRM is an enterprise-wide activity that should be directed from a governance perspective, regardless of the specific enterprise structure. This publication is intended to serve a diverse audience involved in C-SCRM, including those responsible for:
Overlay Point of Contact: Jon Boyens
Security and Privacy: general security & privacy, privacy, risk management, security measurement, security programs & operations
Laws and Regulations: E-Government Act, Federal Information Security Modernization Act