NIST Seeks Comments on 2nd Draft Publication on Cyber Supply Chain Risk Management Practices


The National Institute of Standards and Technology (NIST) is seeking feedback on the second draft of a special publication about cybersecurity supply chain risk management practices.

The updated draft of SP 800-161 Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, includes audience profiles, an updated structure and two new appendices focused on federal agencies.

One of the appendices offers additional guidance for federal agencies with regard to risk response, supply chain risk assessment factors, risk severity levels and assessment documentation.

The second appendix, titled Response to Executive Order 14028’s Call to Publish Preliminary Guidelines for Enhancing Software Supply Chain Security, outlines industry standards, practices and tools in response to directives stipulated in Section 4(c) of the cybersecurity executive order signed in May.

Public comments are due Dec. 3rd. NIST plans to issue the final draft of the publication during the third quarter of 2022.
