NIST announces the release of NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management (C-SCRM): Observations from Industry. This final document provides the ever-increasing community of digital businesses with a set of Key Practices that any organization can use to manage cybersecurity risks associated with its supply chain.
The Key Practices presented in this document can be used to implement a robust C-SCRM function at an organization of any size, scope, or complexity. These practices combine the information contained in existing C-SCRM government and industry resources with the information gathered during the 2015 and 2019 NIST research on industry best practices. The Key Practices also include 24 actionable recommendations that synthesize how these practices can be implemented from a people, process, and technology perspective.