Cybersecurity Supply Chain Risk Management C-SCRM

NIST-Sponsored Research

NIST regularly conducts and awards contracts, grants, or cooperative agreements to conduct research into cybersecurity supply chain risk management (C-SCRM) and related topics. The following are relevant research activities:

Cyber Risk Analytics: A NIST and GSA-Sponsored grant from 2015-2017 examining the relationship between various risk management practices and publicly disclosed breaches.

• The Cyber Risk Predictive Analytics Project
• Cyber Risk Analytics Project Review Workshop (with video)

Industry C-SCRM Best Practices: Ongoing work developing case studies exploring effective risk management practices used by various industry organizations. 

• Final Report: Leveraging the Cyber Risk Portal as A Teaching & Education Tool.

Cyber Risk Portal: An Enterprise Risk Assessment Application developed by the University of Maryland from grants awarded in 2010 and 2012.

• Proof of Concept for an ICT SCRM Enterprise Assessment Package
• The ICT SCRM Community Framework Development Project: Final Report.

C-SCRM Environmental Scan: From a grant awarded in 2010, the University of Maryland researched existing standards documents related to SCRM.

• Assessing SCRM Capabilities and Perspectives of the IT Vendor Community: Toward a Cyber-Supply Chain Code of Practice.

To submit a grant / cooperative agreement proposal, please see https://www.nist.gov/itl/how-work-us/itl-grants-program.