This Quick-Start Guide based on the widely adopted content in NIST SP 800-161r1 proposes an implementation-ready approach to conducting the minimum amount of reasonable research and investigative rigor on potential suppliers.
Cybersecurity supply chain risk management (C-SCRM) assessments start with due diligence. Acquirers who make procurement decisions need to be informed about potential supplier risks before those decisions are executed. Consequently, many acquisition operating procedures strongly recommend or even require an assessment of a supplier’s risk prior to entering into an agreement with them.
Based on the widely adopted content in NIST Special Publication (SP) 800-161r1, this finalized Quick-Start Guide proposes an implementation-ready approach to conducting the minimum amount of reasonable research and investigative rigor on potential suppliers. Identifying the primary risk factors that an acquirer should consider can enable quick, informed turnarounds despite limited resources.