Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

NIST Special Publication 800-161 Revision 1, Pre-Draft Call for Comments

NIST is initiating an update of Special Publication (SP) 800-161, "Supply Chain Risk Management Practices for Federal Information Systems and Organizations," seeking preliminary comments on possible clarifications, additions, and removal of information.

Since NIST Special Publication (SP) 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, was published in 2015, many things have changed in the laws, regulations, tools, technologies, and best practices encompassing the information and communication technology (ICT) supply chain risk management (SCRM) ecosystem.

NIST has initiated an update of SP 800-161 to incorporate: lessons learned over the past several years; updates to relevant NIST guidance (e.g., NIST SP 800-37 Rev. 2, Draft NIST SP 800-53 Rev. 5, and the Cybersecurity Framework v1.1); and the priorities of the Administration.

NIST seeks the input of SP 800-161 stakeholders to ensure Revision 1 will continue to deliver a single set of cyber supply chain risk management practices to help federal departments and agencies manage the risks associated with the acquisition and use of IT/OT products and services in a way that is functional and usable.

To learn more about what NIST is specifically seeking, see the SP 800-161 Rev. 1 PRE-DRAFT Call for Comments. Please submit your comments no later than February 28, 2020.

Released February 4, 2020