U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Supply Chain Risk Management Practices for Federal Information Systems and Organizations

Published

Author(s)

Jon M. Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol

Abstract

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain. These risks are associated with the federal agencies’ decreased visibility into, understanding of, and control over how the technology that they acquire is developed, integrated and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services. This publication provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations. This publication integrates ICT supply chain risk management (SCRM) into federal agency risk management activities by applying a multi-tiered, SCRM-specific approach, including guidance on assessing supply chain risk and applying mitigation activities.
Citation
Special Publication (NIST SP) - 800-161
Report Number
800-161
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

DOI Link

Keywords

Acquire, Information and Communication Technology Supply Chain Risk Management, ICT SCRM, risk management, supplier, supply chain, supply chain risk, supply chain risk assessment, supply chain assurance, supply chain security
Information technology, Cybersecurity and privacy and Internet of Things (IoT)

Citation

Boyens, J. , Paulsen, C. , Moorthy, R. and Bartol, N. (2015), Supply Chain Risk Management Practices for Federal Information Systems and Organizations, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-161 (Accessed April 25, 2026)
Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created April 8, 2015, Updated November 10, 2018
Was this page helpful?