Practices for Managing Supply Chain Risks to Protect Federal Information Systems

Published

Author(s)

Shirley M. Radack

Abstract

This bulletin summarizes the information that is included in NISTIR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. This publication provides federal departments and agencies with a notional set of repeatable and commercially reasonable supply chain assurance methods and practices to strategically manage information and communications technology (ICT) supply chain risks over the life cycle of ICT systems, products, and services. The bulletin summarizes NISTIR 7622 and provides information on how ICT supply chain risk management (SCRM) considerations can be integrated into the federal acquisition life cycle. It was written by Jon Boyens and Celia Paulsen of NIST, Rama Moorthy of Hatha Systems, and Nadya Bartol and Stephanie Shankles of Booz Allen and Hamilton. References are provided to NIST publications and other information.
Citation
ITL Bulletin -

Keywords

computer security, communications technology, cyber security, federal organizations, information security, information technology, supply chain risk management, system development life cycle, system developers, system integrators, suppliers, threats, vulnerabilities

Citation

Radack, S. (2012), Practices for Managing Supply Chain Risks to Protect Federal Information Systems, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=912849 (Accessed February 25, 2024)
Created November 27, 2012, Updated January 27, 2020