Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Notional Supply Chain Risk Management Practices for Federal Information Systems



Jon M. Boyens, Celia Paulsen, Nadya Bartol, Rama Moorthy, Stephanie Shankles


This publication is intended to provide a wide array of practices that, when implemented, will help mitigate supply chain risk to federal information systems. It seeks to equip federal departments and agencies with a notional set of repeatable and commercially reasonable supply chain assurance methods and practices that offer a means to obtain an understanding of, and visibility throughout, the supply chain.
NIST Interagency/Internal Report (NISTIR) - 7622
Report Number


Information and Communication Technology, ICT, Supply Chain, Risk Management, Acquire, Supplier


Boyens, J. , Paulsen, C. , Bartol, N. , Moorthy, R. and Shankles, S. (2012), Notional Supply Chain Risk Management Practices for Federal Information Systems, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed May 21, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created October 16, 2012, Updated November 10, 2018