NIST has published NISTIR 8272, "Impact Analysis Tool for Independent Cyber Supply Chain Risks."
NIST announces the publication of NISTIR 8272, Impact Analysis Tool for Interdependent Cyber Supply Chain Risks. This document describes a tool developed to fill the gap between an organization's risk appetite and supply chain risk posture by providing a basic measurement of the potential impact of a cyber supply chain event. This tool does not represent a complete supply chain risk management solution, but is intended to be integrated into or used in concert with tools such as third-party management, enterprise resource planning, and supply chain management efforts.