NIST SP 800-161 Rev. 1, titled “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations,” offers comprehensive guidance for organizations to identify, assess, and mitigate cybersecurity risks across their supply chains. It integrates cybersecurity supply chain risk management (C-SCRM) into broader risk management activities through a multi-level approach, including the development of C-SCRM strategies, policies, implementation plans, and risk assessments for products and services. The publication emphasizes managing risks not only in final products but also in their components and the entire supply chain journey. It includes updated controls, metrics, and guidance on risk appetite and tolerance, aligning with U.S. Executive Order 14028 on enhancing software supply chain security. The document supports organizations in building robust third-party risk management programs by addressing acquisition strategies, supplier assessments, notification agreements, and supplier inventory management, thereby improving supply chain integrity and resilience against cyber threats.
Publication's URL
URL: https://csrc.nist.gov/pubs/sp/800/161/r1/upd1/final
Publication's scorecard
Issuer: NIST
Country: USA
Scope: Cyber
Typology: Standard
Publication's date: May 1, 2022
Category: Third Party Risk Management
Sector: Cross-Sector
Rating: