Publications

Displaying 1 - 22 of 22

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Cybersecurity Supply Chain Risk Management (C-SCRM) (Japanese translation)

March 14, 2025

Author(s)

Jon Boyens, Rebecca McWhite, Laura Calloway, Nadya Bartol, Karen Scarfone

The CSF can help an organization become a smart acquirer and supplier of technology products and services. This guide focuses on two ways the CSF can help you: 1) Use the CSF's GV.SC Category to establish and operate a C-SCRM capability. 2) Define and

Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

November 1, 2024

Author(s)

Jon Boyens, Angela Smith, Nadya Bartol, Kris Winkler, Alex Holbrook, Matthew Fallon

Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These

Appendix F: Software Security in Supply Chains

October 31, 2024

Author(s)

Jon Boyens

The President's Executive Order (EO) on "Improving the Nation's Cybersecurity (14028)" issued on May 12, 2021, charges multiple agencies – including NIST – with enhancing cybersecurity through a variety of initiatives related to the security and integrity

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Cybersecurity Supply Chain Risk Management (C-SCRM)

October 21, 2024

Author(s)

Jon M. Boyens, Rebecca McWhite, Laura Calloway, Nadya Bartol, Karen Scarfone

Use the CSF to Improve Your C-SCRM Processes. The CSF can help an organization become a smart acquirer and supplier of technology products and services. This guide focuses on two ways the CSF can help you: 1) Use the CSF's GV.SC Category to establish and

Cybersecurity Supply Chain Risk Management for Systems and Organizations

May 5, 2022

Author(s)

Jon Boyens, Angela Smith, Nadya Bartol, Kris Winkler, Alexander Holbrook, Matthew Fallon

[Superseded by SP 800-161r1-upd1 (Nov 2024): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=958681] Organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are

SOFTWARE SECURITY IN THE BROADER SUPPLY CHAIN: EO 14028, Section 4(d)

May 5, 2022

Author(s)

Jon Boyens

[Superseded by Appendix F [NIST SP 800-161r1] (October 2024): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=958682] The President's Executive Order (EO) on "Improving the Nation's Cybersecurity (14028)" issued on May 12, 2021, charges multiple

Approaches for Federal Agencies to Use the Cybersecurity Framework

August 17, 2021

Author(s)

Jeffrey Marron, Victoria Yan Pillitteri, Jon M. Boyens, Stephen Quinn, Gregory Witte

The document highlights examples for implementing the Framework for Improving Critical Infrastructure Cybersecurity (known as the Cybersecurity Framework) in a manner that complements the use of other NIST security and privacy risk management standards

Key Practices in Cyber Supply Chain Risk Management: Observations from Industry

February 11, 2021

Author(s)

Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi

In today's highly connected, inter-dependent world, all organizations rely on others for critical products and services. However, the reality of globalization, while providing many benefits, has resulted in a world where organizations no longer fully

Impact Analysis Tool for Interdependent Cyber Supply Chain Risks

August 25, 2020

Author(s)

Celia Paulsen, Jon M. Boyens, Jeffrey Ng, Kris Winkler, James Gimbi

As awareness of cybersecurity supply chain risks grows among federal agencies, there is a greater need for tools that evaluate the impacts of a supply chain-related cyber event. This can be a difficult activity, especially for those organizations with

Approaches for Federal Agencies to Use the Cybersecurity Framework

March 19, 2020

Author(s)

Jeffrey A. Marron, Victoria Y. Pillitteri, Jon M. Boyens, Stephen D. Quinn, Gregory A. Witte, Larry Feldman

Case Studies in Cyber Supply Chain Risk Management: Anonymous Consumer Electronics Company

February 4, 2020

Author(s)

Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi

The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally

Case Studies in Cyber Supply Chain Risk Management: Anonymous Consumer Goods Company

February 4, 2020

Author(s)

Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi

Case Studies in Cyber Supply Chain Risk Management: Anonymous Renewable Energy Company

February 4, 2020

Author(s)

Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi

Case Studies in Cyber Supply Chain Risk Management: Mayo Clinic

February 4, 2020

Author(s)

Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi

Case Studies in Cyber Supply Chain Risk Management: Palo Alto Networks, Inc.

February 4, 2020

Author(s)

Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi

Case Studies in Cyber Supply Chain Risk Management: Seagate Technology

February 4, 2020

Author(s)

Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi

Case Studies in Cyber Supply Chain Risk Management: Summary of Findings and Recommendations

February 4, 2020

Author(s)

Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi

This document is part of Case Studies in Cyber Supply Chain Risk Management-new research that builds on the CSD C-SCRM program's 2015 publications aimed at identifying how C-SCRM practices have evolved. For this case study series, NIST conducted interviews

Criticality Analysis Process Model

April 9, 2018

Author(s)

Celia Paulsen, Jon M. Boyens, Nadya Bartol, Kris Winkler

In the modern world, where complex systems and systems-of-systems are integral to the functioning of society and businesses, it is increasingly important to be able to understand and manage risks that these systems and components may present to the

Increasing Visibility and Control of Your ICT Supply Chains

June 15, 2015

Author(s)

Jon M. Boyens, Celia Paulsen, Larry Feldman, Greg Witte

This bulletin summarizes the information presented in NIST SP 800-161, Supply Chain Management Practices for Federal Information Systems and Organizations, written by Jon Boyens and Celia Paulsen. The publication provides guidance to federal agencies on

Supply Chain Risk Management Practices for Federal Information Systems and Organizations

April 8, 2015

Author(s)

Jon M. Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and

Summary of the Workshop on Information and Communication Technologies Supply Chain Risk Management

July 10, 2013

Author(s)

Celia Paulsen, Jon M. Boyens

There is a great demand from federal departments and agencies for supply chain risk management (SCRM) guidance. This document is a summary of a workshop held October 15-16, 2012 to broadly engage all stakeholders in an effort to set a foundation for NIST's

Notional Supply Chain Risk Management Practices for Federal Information Systems

October 16, 2012

Author(s)

Jon M. Boyens, Celia Paulsen, Nadya Bartol, Rama Moorthy, Stephanie Shankles

This publication is intended to provide a wide array of practices that, when implemented, will help mitigate supply chain risk to federal information systems. It seeks to equip federal departments and agencies with a notional set of repeatable and

Search Publications by: Jon M Boyens (Fed)