The National Institute of Standards and Technology (NIST) is seeking feedback on the second draft of a special publication about cybersecurity supply chain risk management practices.
The updated draft of the SP 800-161 Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations includes audience profiles, an updated structure and two new appendices focused on federal agencies.
One of the appendices offers additional guidance for federal agencies with regard to risk response, supply chain risk assessment factors, risk severity levels and assessment documentation.
The second appendix titled Response to Executive Order 14028’s Call to Publish Preliminary Guidelines or Enhancing Software Supply Chain Security outlines industry standards, practices and tools in response to directives stipulated in Section 4(c) of the cybersecurity executive order signed in May.
Public comments are due Dec. 3rd. NIST plans to issue the final draft of the publication during the third quarter of 2022.