NIST releases draft update to supply chain risk management guidance for developing security plans

The National Institute of Standards and Technology is seeking feedback on a draft update to supply chain guidance on developing security plans for systems using common elements to promote consistency across an organization or mission set.

“The system security plan, system privacy plan, and cybersecurity supply chain risk management plan -- collectively referred to as system plans -- consolidate information about the assets and individuals being protected within an authorization boundary and its interconnected systems,” NIST says in a June...