NIST publishes methods to manage risk in the federal ICT supply chain

November 28, 2012

The National Institute of Standards and Technology (NIST) has published the final version of Notional Supply Chain Risk Management Practices for Federal Information Systems. This guide offers an array of supply chain assurance methods to help federal agencies manage the risks associated with purchasing and implementing information and communications technologies (ICT) products and services.

Security risks introduced via the supply chain—both intentional and unintentional—are substantial and on the rise. The global ICT supply chain's growing sophistication and increasing speed and scale leave vulnerable to be exploited through a variety of means, including counterfeit materials, or untrustworthy products.

The guide describes ICT supply chain risk management as a multidisciplinary practice with a number of interconnected enterprise processes that, when performed correctly, will help departments and agencies manage the risk of using ICT products and services. The publication calls for procurement organizations to establish a coordinated to assess the ICT supply chain risk and to manage this risk by using technical and programmatic mitigation techniques.

The new guide is based on information technology security practices and procedures published by NIST, the National Defense University, the National Defense Industrial Association and others. These practices were expanded to include supply chain implications. This version of Notional Supply Chain Risk Management Practices for Federal Information Systems has been through two public review periods, allowing for input from a broad array of stakeholders. The final publication differs from previous drafts in that it provides a more specific definition of the supply chain threat and further details on the roles of integrator and supplier and how they apply to the federal government's acquisition of commercial off-the-shelf products.

NIST is developing a draft Special Publication based on the proceedings of the Oct. 15-16, 2012, Supply Chain Risk Management Workshop and ongoing discussions with industry, academic and government stakeholders. PowerPoint presentations from that workshop are available at www.nist.gov/itl/csd/scrm_2012workshop.cfm. NIST will continue to engage public- and private-sector stakeholders throughout the publication development process.

Notional Supply Chain Risk Management Practices for Federal Information Systems (NIST IR 7622) is available at http://nvlpubs.nist.gov/nistpubs/ir/2012/NIST.IR.7622.pdf.
