NIST seeks industry input on update to key supply chain risk management publication

The National Institute of Standards and Technology is seeking comment on the first revision of its supply chain risk management publication, a “foundational” document used by organizations to help “identify, assess, and respond to cyber supply chain risks.”

“The revision to this foundational NIST publication represents a 1-year effort to incorporate next generation cyber supply chain risk management (C-SCRM) controls, strategies, policies, plans, and risk assessments into broader enterprise risk management activities by applying a multi-level approach,” NIST said in...