1. Home
  2. |Insights
  3. |Draft NIST Guidance Highlights Supply Chain Fundamentals as Key Practices in Cyber Supply Chain Risk Management

Draft NIST Guidance Highlights Supply Chain Fundamentals as Key Practices in Cyber Supply Chain Risk Management

Client Alert | 1 min read | 02.21.20

Last week, the National Institute of Standards and Technology (NIST) published the draft NISTIR 8276 “Key Practices in Cyber Supply Chain Risk Management” providing Key Practices and related recommendations for monitoring, controlling, and understanding how to conduct cyber – supply chain risk management (C-SCRM). The Eight Key Practices are general and apply equally, in practice, to both traditional supply chain management and C-SCRM, including:

  • Integrating SCRM across the organization,
  • Understanding the organization’s supply chain, and
  • Assessing and monitoring SCRM throughout the supplier relationship. 

Specific guidance includes, among others:

  • Increasing Board involvement in C-SCRM;
  • Understanding the cyber relationship with suppliers, including whether they process critical data; and
  • Using third-party assessments to evaluate suppliers.

The guidance should serve to remind organizations of the need to know their supply chain well and to have a purposeful approach to its management. Organizations have an opportunity to comment on this draft guidance until March 4, 2020.

Contacts

Insights

Client Alert | 7 min read | 09.29.25

White House Seeks Industry Input on Laws and Rules that Hinder AI Development

On September 26, the White House invited the public to submit comments on Federal laws, rules, and policies that “unnecessarily hinder” the development or deployment of artificial intelligence (AI) technologies in the United States. This request marks one of the Trump Administration’s most substantial moves yet to reduce the regulatory burden on AI. Respondents may submit comments through a government website until October 27, 2025....