NIST has released an errata update to its foundational publication on managing cybersecurity risks in supply chains. Special Publication (SP) 800-161r1 (Revision 1), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, was published in May 2022 in response to the 2021 Executive Order on Improving the Nation’s Cybersecurity. This errata update clarifies NIST guidance on topics such as vulnerability advisory reports and software bills of materials, and fixes errors such as inaccurate numbering of control enhancements. Additional changes are listed in the Revision History (Appendix K) of the errata update.
See the updated publication. Questions about the publication can be sent to scrm-nist@nist.gov.
Security and Privacy: acquisition, cybersecurity supply chain risk management
Laws and Regulations: Executive Order 14028