NIST releases final update to flagship supply chain risk management publication

The National Institute of Standards and Technology has released the final version of an update to its foundational supply chain publication addressing cybersecurity risks to help “organizations protect themselves as they acquire and use technology products and services.”

The revision is part of NIST’s response to Section 4 of the 2021 cyber executive order which gave the agency several tasks to enhance software supply chain security. NIST has taken out the appendix concerning specific EO requirements from the final...