Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST's Key Practices in Cyber Supply Chain Risk Management: Observations from Industry--NISTIR 8276

NIST announces the publication of NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management: Observations from Industry.

NIST announces the release of NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management (C-SCRM): Observations from Industry. This final document provides the ever-increasing community of digital businesses a set of Key Practices that any organization can use to manage cybersecurity risks associated with their supply chains.

The Key Practices presented in this document can be used to implement a robust C-SCRM function at an organization of any size, scope, or complexity. These practices combine the information contained in existing C-SCRM government and industry resources with the information gathered during the 2015 and 2019 NIST research on industry best practices. The Key Practices also include 24 actionable recommendations that synthesize how these practices can be implemented from a people, process, and technology perspective.

Released February 11, 2021