Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Best Practices in Cyber Supply Chain Risk Management

On October 1-2, 2015, NIST will host a workshop to share information on Best Practices in Cyber Supply Chain Risk Management, which will provide insights on:

  • State of practice in several industry sectors;
  • Currently used tools, standards, and best practices;
  • How to establish a business case for integrating cyber supply chain risk management into organization's overall risk management processes;
  • How to communicate cyber supply chain concerns to executive leadership;
  • Synergies between quality, continuity, cybersecurity and other areas of risk that together help reduce overall risks to the organization.

Relevant case studies from companies such as Cisco, NetApp, P&G, John Deere, and many others will be reviewed for discussion at the workshop.

The NIST Framework for Improving Critical Infrastructure Cybersecurity ("the Framework") released in February 2014 was published simultaneously with the companion Roadmap for Improving Critical Infrastructure Cybersecurity. The Roadmap identified Supply Chain Risk Management as an area for future focus. Since the release of the Framework and companion Roadmap, NIST has researched best practices in supply chain security, cybersecurity, continuity and quality through engagement with industry leaders. This workshop will assist NIST in validating and expanding the findings from its research and help inform future versions of the Framework and other cybersecurity and supply chain risk management initiatives.

Related Projects:

Supply Chain Risk Management for Information and Communications Technology

Created July 14, 2015, Updated May 13, 2016