NIST Updates Cybersecurity Guidance for Supply Chain Risk Management

The National Institute of Standards and Technology (NIST) has released an updated guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. The updated guide, titled Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, offers specific methods for companies to adopt as they improve their ability to manage cybersecurity risks within and across their supply chains. Additionally, the document “encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components — which may have been developed elsewhere — and the journey those components took to reach their destination,” according to NIST. The primary audience for the updated guide is acquirers and end users of products, software, and services. “Organizations need to have greater assurance that what they are purchasing and using is trustworthy,” said Angela Smith, one of the publication’s authors. “This new guidance can help you understand what risks to look for and what actions to consider taking in response.” Access the Updated Guide at NIST.