Practices for Managing Supply Chain Risks to Protect Federal Information Systems



Shirley M. Radack


This bulletin summarizes the information that is included in NISTIR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. That publication provides federal departments and agencies with a notional set of repeatable and commercially reasonable supply chain assurance methods and practices to strategically manage information and communications technology (ICT) supply chain risks over the life cycle of ICT systems, products, and services. The bulletin also provides information on how ICT supply chain risk management (SCRM) considerations can be integrated into the federal acquisition life cycle. It was written by Jon Boyens and Celia Paulsen of NIST, Rama Moorthy of Hatha Systems, and Nadya Bartol and Stephanie Shankles of Booz Allen and Hamilton. References are provided to NIST publications and other information.
ITL Bulletin


computer security, communications technology, cyber security, federal organizations, information security, information technology, supply chain risk management, system development life cycle, system developers, system integrators, suppliers, threats, vulnerabilities


Radack, S. (2012), Practices for Managing Supply Chain Risks to Protect Federal Information Systems, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed June 14, 2024)



Created November 27, 2012, Updated January 27, 2020