NIST’s Boyens: Revised supply chain publication provides acquisition considerations for risk management

The National Institute of Standards and Technology has incorporated acquisition guidance for cyber supply chain risk management into the first draft of an influential publication for both government and industry, in response to a shift in industry perspective toward NIST’s role on procurement issues, says the agency’s Jon Boyens.

The SECURE Technologies Act of 2018 played a significant role in NIST’s decision to change the publication to address acquisition and procurement, according to Boyens, who leads NIST’s Cyber Supply Chain...