NIST has released a revision of Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (NIST Special Publication 800-161 Revision 1).
This document updates guidance on identifying, assessing, and responding to cybersecurity risks throughout the supply chain at all levels of an organization.
The publication offers key practices for organizations to adopt as they develop their capability to manage cybersecurity risks within and across their supply chains.
It also encourages organizations to weigh the vulnerabilities not only of a finished product they are considering using, but also of its individual components, which may have been developed elsewhere, and of the journey those components took to reach their destination.
The development of this document follows two earlier draft revisions.