Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Cybersecurity Supply Chain Management: Due Diligence Assessment Quick-Start Guide

Published

Author(s)

Jon Boyens, Rebecca McWhite, Laura Calloway

Abstract

Due diligence research is the investigative process of researching all available, pertinent information about a given supplier or product so that informed decisions can be made on new acquisitions or existing systems. This Quick-Start Guide provides cybersecurity supply chain risk management (C-SCRM) program management capabilities with considerations for creating due diligence supply chain risk assessments in accordance with NIST Special Publication (SP) 800-161 (Revision 1). Due diligence supplier assessments can be applied to any type of supplier, but this Quick-Start Guide is scoped to information and communications technology (ICT) suppliers. The components of a Due Diligence Assessment are Foreign Ownership, Control, or Influence (FOCI); Provenance; Resilience; Foundational Cyber Practices; and Supply Chain Tiers.
Citation
Special Publication (NIST SP) - 1326
Report Number
1326

Keywords

due diligence, C-SCRM, cybersecurity supply chain risk management

Citation

Boyens, J. , McWhite, R. and Calloway, L. (2026), NIST Cybersecurity Supply Chain Management: Due Diligence Assessment Quick-Start Guide, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.1326, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=961156 (Accessed July 9, 2026)
Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created July 8, 2026
Was this page helpful?