White Paper NIST CSWP 11

Case Studies in Cyber Supply Chain Risk Management: Summary of Findings and Recommendations

Date Published: February 2020


Jon Boyens (NIST), Celia Paulsen (NIST), Nadya Bartol (Boston Consulting Group), Kris Winkler (Boston Consulting Group), James Gimbi (NIST)



case study; cyber supply chain risk management; C-SCRM; external dependency risk management; information and communications technology supply chain risk management; ICT SCRM; third-party risk management

Control Families

None selected


White Paper (DOI)

Supplemental Material:
Cyber SCRM Key Practices and Case Studies (other)

Document History:
02/04/20: White Paper NIST CSWP 11 (Final)


Security and Privacy
cybersecurity supply chain risk management