NIST publishes another public draft about cybersecurity supply chain management risk

The US National Institute of Standards and Technology (NIST) issued the second public draft of Special Publication (SP) 800 – cybersecurity supply chain risk management practices for systems and organizations. This publication guides organizations on identifying, assessing, and mitigating cyber supply chain risks at all levels of their organizations. The publication integrates cyber supply chain risk management (C-SCRM) into risk management activities by applying a multi-level, C-SCRM-specific approach. The new version also includes two appendices that focus more specifically on Federal departments and agencies. The deadline for public comments is December 3, 2021.