The National Institute of Standards and Technology (NIST) is seeking input from stakeholders on an update to NIST Special Publication (SP) 800-161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations.
SP 800-161, first published in 2015, was established to provide guidance to Federal agencies on mitigating information and communications technology (ICT) supply chain risks.
In a pre-draft call for comments, however, NIST says that “many things have changed in the laws, regulations, tools, technologies, and best practices encompassing the [ICT] supply chain risk management ecosystem.”
The updated version of SP 800-161 will include:
- Lessons learned since the original SP was implemented;
- Updates to select NIST guidance such as NIST SP 800-37 Rev. 2, Draft NIST SP 800-53 Rev. 5, and Cybersecurity Framework v1.1; and
- “Priorities of the Administration.”
“NIST seeks the input of SP 800-161 stakeholders to ensure Revision 1 will continue to deliver a single set of cyber supply chain risk management practices to help Federal departments and agencies manage the risks associated with the acquisition and use of IT/operational technology products and services in a way that is functional and usable,” the pre-draft said.
Comment submissions on the update are due no later than Feb. 28.