Draft NIST Guidance Highlights Supply Chain Fundamentals as Key Practices in Cyber Supply Chain Risk Management
Client Alert | 1 min read | 02.21.20
Last week, the National Institute of Standards and Technology (NIST) published the draft NISTIR 8276 “Key Practices in Cyber Supply Chain Risk Management” providing Key Practices and related recommendations for monitoring, controlling, and understanding how to conduct cyber – supply chain risk management (C-SCRM). The Eight Key Practices are general and apply equally, in practice, to both traditional supply chain management and C-SCRM, including:
- Integrating SCRM across the organization,
- Understanding the organization’s supply chain, and
- Assessing and monitoring SCRM throughout the supplier relationship.
Specific guidance includes, among others:
- Increasing Board involvement in C-SCRM;
- Understanding the cyber relationship with suppliers, including whether they process critical data; and
- Using third-party assessments to evaluate suppliers.
The guidance should serve to remind organizations of the need to know their supply chain well and to have a purposeful approach to its management. Organizations have an opportunity to comment on this draft guidance until March 4, 2020.
Contacts

Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 4 min read | 04.23.26
Bipartisan Coalition of State AGs Backs Federal PBM Transparency Rule
In mid-April, a bipartisan coalition of 45 State Attorneys General (AG) submitted a formal letter to the U.S. Department of Labor (DOL) expressing their collective support for a proposed rule (Improving Transparency into Pharmacy Benefit Manager Fee Disclosure, or RIN 1210-AB37), which would — if enacted — impose new disclosure obligations on pharmacy benefit managers (PBM) regulated under the Employee Retirement Income Security Act of 1974 (ERISA).
Client Alert | 5 min read | 04.23.26
Client Alert | 3 min read | 04.23.26
Crowell Tracker of Court Rulings on Legal Privilege and Artificial Intelligence Tools
Client Alert | 2 min read | 04.23.26
Two Lawsuits in One: The Growing Risk of Pairing Biometric Tech With Wage-and-Hour Violations


