This download includes the NIST SP800-161 provisions only so there are no mapped questions. Use this download if you just want the provisions and you want to create your own question set.
NIST SP 800-161 is a set of standards and guidelines to help federal agencies and contractors implement and maintain their supply chain risk management practices set by the Federal Information Security Management Act (FISMA).
It is organised into families. Families organize supply chain risk managemement controls at their highest level.
The NIST SP 800-161 includes 127 controls across 19 high level families which are:
- ACCESS CONTROL
- AWARENESS AND TRAINING
- AUDIT AND ACCOUNTABILITY
- SECURITY ASSESSMENT AND AUTHORIZATION
- CONFIGURATION MANAGEMENT
- CONTINGENCY PLANNING
- IDENTIFICATION AND AUTHENTICATION
- INCIDENT RESPONSE
- MEDIA PROTECTION
- PHYSICAL AND ENVIRONMENTAL PROTECTION
- PROGRAM MANAGEMENT
- PERSONNEL SECURITY
- RISK ASSESSMENT
- SYSTEM AND SERVICES ACQUISITION
- SYSTEM AND COMMUNICATIONS PROTECTION
- SYSTEM AND INFORMATION INTEGRITY
Getting StartedEnter your getting started instructions here
|Type||Laws or related obligations|