Draft NIST Guidance Highlights Supply Chain Fundamentals as Key Practices in Cyber Supply Chain Risk Management
Client Alert | 1 min read | 02.21.20
Last week, the National Institute of Standards and Technology (NIST) published the draft NISTIR 8276 “Key Practices in Cyber Supply Chain Risk Management” providing Key Practices and related recommendations for monitoring, controlling, and understanding how to conduct cyber – supply chain risk management (C-SCRM). The Eight Key Practices are general and apply equally, in practice, to both traditional supply chain management and C-SCRM, including:
- Integrating SCRM across the organization,
- Understanding the organization’s supply chain, and
- Assessing and monitoring SCRM throughout the supplier relationship.
Specific guidance includes, among others:
- Increasing Board involvement in C-SCRM;
- Understanding the cyber relationship with suppliers, including whether they process critical data; and
- Using third-party assessments to evaluate suppliers.
The guidance should serve to remind organizations of the need to know their supply chain well and to have a purposeful approach to its management. Organizations have an opportunity to comment on this draft guidance until March 4, 2020.
Contacts

Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 4 min read | 07.02.26
A Busy Week for Aviation Regulatory Developments
The week of June 29 brought a flurry of regulatory activity from the Department of Transportation (DOT), the Federal Aviation Administration (FAA), and the Transportation Security Administration (TSA) impacting companies across sectors including airlines, supersonic aircraft manufacturers, drone operators, and owners/operators of critical infrastructure facilities. A summary of the key developments is below.
Client Alert | 4 min read | 07.02.26
Logged Out: How LOGZONE's DIBCAC Challenges Put It Squarely in DOJ's Crosshairs
Client Alert | 6 min read | 07.02.26
Client Alert | 3 min read | 07.02.26
Prohibiting Adversarial Patents Act of 2026 (H.R. 9142): What the Drone Industry Needs to Know


