ThomasNet News Logo
Sign Up | Log In | ThomasNet Home | Promote Your Business

NIST Guide helps manage risk in federal ICT supply chain.

Print | 
Email |  Comment   Share  
November 29, 2012 - NIST published final version of Notional Supply Chain Risk Management Practices for federal information systems. Guide offers supply chain assurance methods to help federal agencies manage risks associated with purchasing and implementing information and communications technologies (ICT) products and services. Publication calls for procurement organizations to establish team approach to assess ICT supply chain risk and to manage risk by using technical and programmatic mitigation techniques.

NIST Publishes Methods to Manage Risk in the Federal ICT Supply Chain


(Archive News Story - Products mentioned in this Archive News Story may or may not be available from the manufacturer.)

National Institute of Standards & Technology
100 Bureau Dr., Stop 1070
Gaithersburg, MD, 20899-1070
USA



Press release date: November 27, 2012

The National Institute of Standards and Technology (NIST) has published the final version of Notional Supply Chain Risk Management Practices for Federal Information Systems. This guide offers an array of supply chain assurance methods to help federal agencies manage the risks associated with purchasing and implementing information and communications technologies (ICT) products and services.

Security risks introduced via the supply chain—both intentional and unintentional—are substantial and on the rise. The global ICT supply chain's growing sophistication and increasing speed and scale leave government agencies vulnerable to be exploited through a variety of means, including counterfeit materials, malicious software or untrustworthy products.

The guide describes ICT supply chain risk management as a multidisciplinary practice with a number of interconnected enterprise processes that, when performed correctly, will help departments and agencies manage the risk of using ICT products and services. The publication calls for procurement organizations to establish a coordinated team approach to assess the ICT supply chain risk and to manage this risk by using technical and programmatic mitigation techniques.

The new guide is based on information technology security practices and procedures published by NIST, the National Defense University, the National Defense Industrial Association and others. These practices were expanded to include supply chain implications. This version of Notional Supply Chain Risk Management Practices for Federal Information Systems has been through two public review periods, allowing for input from a broad array of stakeholders. The final publication differs from previous drafts in that it provides a more specific definition of the supply chain threat and further details on the roles of integrator and supplier and how they apply to the federal government's acquisition of commercial off-the-shelf products.

NIST is developing a draft Special Publication based on the proceedings of the Oct. 15-16, 2012, Supply Chain Risk Management Workshop and ongoing discussions with industry, academic and government stakeholders. PowerPoint presentations from that workshop are available at http://www.nist.gov/itl/csd/scrm_2012workshop.cfm. NIST will continue to engage public- and private-sector stakeholders throughout the publication development process.

Notional Supply Chain Risk Management Practices for Federal Information Systems (NIST IR 7622) is available at http://nvlpubs.nist.gov/nistpubs/ir/2012/NIST.IR.7622.pdf.

Media Contact: Evelyn Brown, evelyn.brown@nist.gov, 301-975-5661

Print | 
Email |  Comment   Share  
Contacts: View detailed contact information.


 

Post a comment about this story

Name:
E-mail:
(your e-mail address will not be posted)
Comment title:
Comment:
To submit comment, enter the security code shown below and press 'Post Comment'.
 



 See related product stories
More .....
 See more product news in:
Services
 More New Product News from this company:
NIST-Sponsored Report addresses greenhouse gas measurement.
Disaster/Failure Study Data will be available via NIST website.
NIST Physicist receives 2011 William F. Meggers Award.
More ....
| Featured Manufacturing Jobs
 Other News from this company:
NIST-University of Maryland Conference to Highlight Women in Physics
NIST MEP Sets Up One-Stop Shop for Manufacturing-Related Research and Reports
Grants to Two States Will Support Improved Access to Services and Reduce Fraud
NIST Cybersecurity Framework
NIST Releases Updates to Digital Signature Standard
More ....
 Tools for you
Watch Company 
View Company Profile
Company web site
More news from this company
E-mail this story to a friend
Save Story
Search for suppliers of
Trade Associations


Home  |  My ThomasNet News®  |  Industry Market Trends®  |  Submit Release  |  Advertise  |  Contact News  |  About Us
Brought to you by Thomasnet.com        Browse ThomasNet Directory

Copyright © 2014 Thomas Publishing Company. All Rights Reserved.
Terms of Use - Privacy Policy



Error close

Please enter a valid email address