Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects Cybersecurity Supply Chain Risk Management

Cybersecurity Supply Chain Risk Management C-SCRM

C-SCRM Questions and Public Comments

Questions and comments about Cybersecurity Supply Chain Risk Management (C-SCRM) are always welcome and can be directed to [email protected]. When a public comment period for a C-SCRM publication is open, contact information for providing feedback on it will be listed in the "Status" column of the table below.

 

The following C-SCRM guidance documents are in progress: 

 

Status of C-SCRM Guidance Publications in Progress
Title Series & Number Public Comment Period Status
NICE Workforce Framework for Cybersecurity N/A CLOSED

Reviewing feedback from the public comment period.
Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities Special Publication (SP) 800-218 Revision 1 CLOSED

Reviewing feedback from the public comment period. 
NIST Cybersecurity Supply Chain Risk Management: Due Diligence Assessment Quick Start Guide  SP 1326 CLOSED Undergoing final editorial review.
Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems SP 800-18 Revision 2 CLOSED

Incorporating comments from the public comment period.

To contact the NIST C-SCRM team about speaking at your organization's event, please use our Speaker Request Form

Contacts

Supply Chain General Inquiries
[email protected]

sw.assurance Google Group
[email protected]

Jon Boyens - Project Lead - NIST
301-975-5549

Rebecca McWhite - Technical Lead - NIST

Jeff Brewer - NIST

Created May 24, 2016, Updated February 11, 2026