The National Institute of Standards and Technology has announced the release of Special Publication 800-18r2, a revision that expands the guidelines for security, privacy and cybersecurity supply chain risk management system plans.
Table of Contents
Consolidating Security, Privacy and Supply Chain Risk Management
According to the initial public draft issued Wednesday, these system plans gather all critical information and serve as a centralized point of reference for assets and individuals safeguarded within an authorization boundary and interconnected systems. These centralized system plans also contain system and risk management decisions and the responsible individuals. The consolidated information on risk management decisions includes details on data creation, collection, dissemination, utilization, storage and disposal. They also include internal and external environments of operation, system components, data flows and controls for managing risks.
Key Revisions
The revised guideline details include enhanced guidance on developing system plans, insights into the development of system plans, revised system plan elements addressing security, privacy and cybersecurity supply chain risks, and considerations for the automated generation and maintenance of system plans using information management tools.
The draft includes supplemental materials such as system plan example outlines and updated roles and responsibilities related to system plan development.
Comments on the draft will be accepted until July 30.
Related Articles
The General Services Administration announced that the Federal Risk and Authorization Management Program, or FedRAMP, completed 114 cloud security authorizations in July for fiscal year 2025, more than double the number finished in FY 2024. GSA said Monday FedRAMP also authorized four new cloud service offerings through the FedRAMP 20x Phase One pilot. What Is FedRAMP 20x? Launched in March, FedRAMP 20x is a cloud-native authorization approach that seeks to reduce red tape and advance automation to enable companies to continuously validate the security of their cloud offerings. The framework seeks to simplify security requirements to speed up the authorization
The Department of the Air Force, in partnership with the Defense Innovation Unit, has unveiled Finance First, an initiative designed to accelerate development, deployment and financing of secure, resilient and reliable energy solutions at U.S. military installations. Finance First Builds on Private Sector Practices According to DIU, the program aims to improve energy resiliency and maintain uninterrupted mission operations by applying agile private sector practices to the design, financing and deployment of energy systems that can withstand grid instability, cyberattacks and other disruptions, while ensuring on-base power redundancy through an ‘all of the above’ approach to fuel sources and energy
Gen. Michael Erik Kurilla has stepped down as the commander of the U.S. Central Command, concluding a three-year tenure in the role. He handed over the command to Adm. Brad Cooper in a ceremony, CENTCOM said Friday. Commenting on his departure, Kurilla said, “It has been the honor of my life to have been their commander.” He welcomed the appointment of Cooper, saying that under his leadership, the “front lines of freedom will always succeed.” Who Is Gen. Michael Erik Kurilla? Kurilla has been CENTCOM’s commander since April 2022. Over the years, he headed the Airborne, Mechanized, Stryker, Ranger and