This bulletin summarizes the information that is included in NISTIR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. This publication provides federal departments and agencies with a notional set of repeatable and commercially reasonable supply chain assurance methods and practices to strategically manage information and communications technology (ICT) supply chain risks over the life cycle of ICT systems, products, and services. The bulletin summarizes NISTIR 7622, and provides information on how ICT supply chain risk management (SCRM) considerations can be integrated into the federal acquisition life cycle. It was written by Jon Boyens and Celia Paulsen of NIST, Rama Moorthy of Hatha Systems, and Nadya Bartol and Stephanie Shankles of Booz Allen and Hamilton. References are provided to NIST publications and other information.
This bulletin summarizes the information that is included in NISTIR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. This publication provides federal departments and agencies with a notional set of repeatable and commercially reasonable supply chain assurance...
See full abstract
This bulletin summarizes the information that is included in NISTIR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. This publication provides federal departments and agencies with a notional set of repeatable and commercially reasonable supply chain assurance methods and practices to strategically manage information and communications technology (ICT) supply chain risks over the life cycle of ICT systems, products, and services. The bulletin summarizes NISTIR 7622, and provides information on how ICT supply chain risk management (SCRM) considerations can be integrated into the federal acquisition life cycle. It was written by Jon Boyens and Celia Paulsen of NIST, Rama Moorthy of Hatha Systems, and Nadya Bartol and Stephanie Shankles of Booz Allen and Hamilton. References are provided to NIST publications and other information.
Hide full abstract
Keywords
computer security; communications technology; cyber security; federal organizations; information security; information technology; supply chain risk management; system development life cycle; system developers; system integrators; suppliers; threats; vulnerabilities
