Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects Cybersecurity Supply Chain Risk Management

Cybersecurity Supply Chain Risk Management C-SCRM

C-SCRM Questions and Public Comments

Questions and comments about Cybersecurity Supply Chain Risk Management (C-SCRM) are always welcome and can be directed to [email protected]. When a public comment period for a C-SCRM publication is open, contact information for providing feedback on it will be listed in the "Status" column of the table below.

 

The following C-SCRM guidance documents are in progress: 

 

Status of C-SCRM Guidance Publications in Progress
Title Series & Number Public Comment Period Status
NIST Cybersecurity Supply Chain Risk Management: Due Diligence Assessment Quick Start Guide Special Publication (SP) 1326 CLOSED Undergoing final editorial review
Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems SP 800-18 Revision 2 CLOSED

Incorporating comments from the public comment period

To contact the NIST C-SCRM team about speaking at your organization's event, please use our Speaker Request Form

Contacts

Supply Chain General Inquiries
[email protected]

sw.assurance Google Group
[email protected]

Jon Boyens - Project Lead - NIST
301-975-5549

Rebecca McWhite - Technical Lead - NIST

Jeff Brewer - NIST

Created May 24, 2016, Updated December 03, 2025