Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NISTIR 8276 (Draft)

Key Practices in Cyber Supply Chain Risk Management: Observations from Industry

Date Published: February 2020
Comments Due: March 4, 2020 (public comment period is CLOSED)
Email Questions to: scrm-nist@nist.gov

Author(s)

Jon Boyens (NIST), Celia Paulsen (NIST), Nadya Bartol (Boston Consulting Group), Kris Winkler (Boston Consulting Group), James Gimbi (Boston Consulting Group)

Abstract

Keywords

best practices; cyber supply chain risk management; C-SCRM; external dependency management; information and communication technology supply chain risk management; ICT SCRM; key practices; risk management; supplier; supply chain; supply chain assurance; supply chain risk; supply chain risk assessment; supply chain risk management; supply chain security; third-party risk management
Control Families

None selected

Documentation

Publication:
NISTIR 8276 (Draft) (DOI)
Local Download

Supplemental Material:
Cyber SCRM Key Practices and Case Studies (other)
NIST news article (other)

Document History:
02/04/20: NISTIR 8276 (Draft)

Topics

Security and Privacy
cyber supply chain risk management

Applications
cybersecurity framework