Cybersecurity Supply Chain Risk Management for Systems and Organizations
Jon M. Boyens, Angela Smith, Nadya Bartol, Kris Winkler, Alexander Holbrook, Matthew Fallon
Organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise's decreased visibility into, and understanding of, how the technology they acquire is developed, integrated, and deployed, or the processes, procedures, standards, and practices used to ensure the security, resilience, reliability, safety, integrity, and quality of the products and services. This publication provides guidance to organizations on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain at all levels of their organizations. The publication integrates cybersecurity supply chain risk management (C-SCRM) into risk management activities by applying a multilevel, C-SCRM-specific approach, including guidance on development of C-SCRM strategy implementation plans, C-SCRM policies, C-SCRM plans, and risk assessments for products and services.
, Smith, A.
, Bartol, N.
, Winkler, K.
, Holbrook, A.
and Fallon, M.
Cybersecurity Supply Chain Risk Management for Systems and Organizations, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-161r1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934690
(Accessed May 29, 2023)