NIST to Update Supply Chain Risk Guidance

Date: 2020-02-05


The National Institute of Standards and Technology (NIST) is seeking input from stakeholders on an update to NIST Special Publication (SP) 800-161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations.

SP 800-161, first published in 2015, was established to provide guidance to Federal agencies on mitigating information and communications technology (ICT) supply chain risks.

In a pre-draft call for comments, however, NIST says that “many things have changed in the laws, regulations, tools, technologies, and best practices encompassing the [ICT] supply chain risk management ecosystem.”

The updated version of SP 800-161 will include:

  • Lessons learned since the original SP was implemented;
  • Updates to select NIST guidance such as NIST SP 800-37 Rev. 2, Draft NIST SP 800-53 Rev. 5, and Cybersecurity Framework v1.1; and
  • “Priorities of the Administration.”

“NIST seeks the input of SP 800-161 stakeholders to ensure Revision 1 will continue to deliver a single set of cyber supply chain risk management practices to help Federal departments and agencies manage the risks associated with the acquisition and use of IT/operational technology products and services in a way that is functional and usable,” the pre-draft said.

Comment submissions on the update are due no later than Feb 28.

