
News & Events

{Oct. 2013} -- Note: the deadline to submit comments on the Draft SP 800-161 document has been extended. The draft document and comment template are linked from the SCRM Publications page.

{Aug. 2013} -- NIST announces that Draft Special Publication (SP) 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, has been released for public comment. It can be accessed from either the SCRM Publications page or the CSRC Drafts page.

{Dec. 2012} -- NIST is pleased to announce a report by the University of Maryland's Supply Chain Management Center: Proof of Concept for an Enterprise ICT SCRM Assessment Package


Contact

General Inquiries
scrm-nist@nist.gov

Jon Boyens
Project Lead
boyens@nist.gov
301-975-5549

Celia Paulsen
Technical Lead
celia.paulsen@nist.gov
301-975-5981

SUPPLY CHAIN RISK MANAGEMENT (SCRM) FOR INFORMATION AND COMMUNICATIONS TECHNOLOGY

Overview

The Information and Communications Technology (ICT) supply chain is a globally distributed, interconnected set of organizations, people, processes, services, products, and other elements. It extends across the full Systems Development Life Cycle including Research and Development (R&D), design, acquisition of custom or Commercial-off-the-Shelf (COTS) products, delivery, integration, operations, and disposal/retirement.

Federal agency information systems, which rely on COTS hardware and software, are increasingly at risk of both intentional and unintentional supply chain compromise due to the growing sophistication of ICT products and the growing speed and scale of a complex, distributed global supply chain. Federal agencies increasingly lack understanding, visibility and control of the processes and practices used to create and deliver hardware and software products and services that are contracted out, especially beyond the prime contractor. This deficiency increases the risk of exploitation of supply chain vulnerabilities and makes it increasingly difficult for Federal agencies to understand and manage their supply chain risks. Some of the threats to the ICT supply chain include counterfeit materials, malicious software, and untrustworthy products.

NIST/ITL Approach

NIST is working with government, industry, academia, and other stakeholders to identify and evaluate technologies, tools, techniques, best practices and standards useful in securing the ICT supply chain. NIST will use this information to develop SCRM tools and a Special Publication on ICT SCRM Best Practices.