Contact Us

Continuity Insights Management Conference

NIST Updates to Cyber Supply Chain Risk Management Practices for Systems and Organizations

Continuity Insights

ComplianceEnterprise Risk ManagementNews

More than ever, organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain.

These risks can decrease an enterprise’s visibility into and understanding of how the technology that they acquire is developed, integrated, and deployed. They can also affect and be affected by the processes, procedures, and practices used to ensure the security, resilience, reliability, safety, integrity, and quality of products and services.

That is why NIST is inviting comments on a major revision to Cyber Supply Chain Risk Management Practices for Systems and Organizations (SP 800-161). The updates are designed to better help organizations identify, assess, and respond to cyber supply chain risks while still aligning with other fundamental NIST cybersecurity risk management guidance.

The revision to this foundational NIST publication represents a 1-year effort to incorporate next generation cyber supply chain risk management (C-SCRM) controls, strategies, policies, plans, and risk assessments into broader enterprise risk management activities by applying a multi-level approach. The changes focus on making implementation guidance more modular and consumable for acquirers, suppliers, developers, system integrators, external system service providers, and other information and communications technology (ICT)/operational technology (OT)-related service providers. Additionally, the references have been updated and expanded.

Based on comments received by June 14, 2021, NIST anticipates releasing a second draft in September 2021 and a final version by April 2022. NIST is especially interested in feedback on whether the document provides guidance and a structure that any organization can use, regardless of size or mission, and that is still sufficiently descriptive to be clear and actionable.

See the publication details for a copy of the draft publication and instructions for submitting comments.

Click here to post comments.

LinkedInFlipboardPinterestRedditSMSWhatsApp

Cyber-Resilience: What Business Continuity Managers Can and Must Do

New York ACP Metro Announces May Meeting Date and Speaker

Continuity Insights

Similar Articles

More than Half of Organizations Not Effectively Defending Against Cyberattacks

More than half (55%) of large companies are not effectively stopping cyberattacks, finding and fixing breaches quickly, or reducing the impact of breaches, according to a new research study from …

Regroup Garners Two Major Communications Awards

Regroup Mass Notification, a provider of emergency and day-to-day communication solutions, has been chosen by TMC as a winner of the 2020 Unified Communications Product of the Year Award. Additionally, it …

Witt O’Brien’s Introduces the PandemicBuzz Podcast

Witt O’Brien’s has launched PandemicBuzz, a snapshot-in-time interview series, where crisis management, business continuity, and crisis communications experts talk about their current pandemic efforts, state of mind, and corporate path …

Leave a Comment

Address

Group C Media, Inc.
The Galleria, 2 Bridge Avenue, Suite 231
Red Bank, NJ 07701

Contact

800.524.0337

info@groupc.com

Newsletter

Read the latest news and information for business continuity professionals. Get information on new products and services from manufacturers and service providers to the industry. Learn More.

© 2024 Continuity Insights

About Contact Privacy Policy Terms of Use Advisory Board Advertise
Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly