NIST SP 800-161 Rev. 1 offers a comprehensive approach for managing cybersecurity risks in supply chains, addressing concerns such as malicious functionality, counterfeit products, and vulnerabilities stemming from poor manufacturing or development practices. It emphasizes the need for a multilevel, C-SCRM-specific strategy, covering areas like implementing C-SCRM policies, plans, and risk assessments for products and services. Updates to the document reflect ongoing efforts to integrate supply chain security into broader organizational risk management. The latest version also includes additional tools like the SCRM Assessment Scoping Questionnaire to aid in practical implementation.
#cybersecurity#supply chain#risk management#c-scrm#guidance#assessment#supply chain security