Skip to content
Home / Function (NIST CSF 2.0) / GV - Govern / SC - TPRM

NIST SP 800-18 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems

This document focuses on:
NIST SP 800-18 Revision 2, “Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems,” provides a structured framework for creating comprehensive security plans for federal information systems, integrating security, privacy, and supply chain risk management considerations. The publication outlines the essential components of a system security plan (SSP), which formally documents the security requirements for a system and describes the controls in place or planned to meet those requirements. It emphasizes the need for organizations to address not only traditional security and privacy risks, but also the growing challenges associated with cybersecurity supply chain risks due to increased reliance on third-party providers and external products. The guidance supports the integration of security and privacy controls into organizational processes such as enterprise architecture, system development life cycle (SDLC), and acquisition, ensuring that controls are selected, implemented, and monitored effectively throughout the system’s lifecycle. By following NIST SP 800-18, organizations can ensure compliance with regulatory requirements, manage risks holistically, and protect critical information assets against evolving threats, including those arising from the supply chain.

Publication's URL

https://csrc.nist.gov/pubs/sp/800/18/r2/ipd

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *