Draft NIST Guidance Highlights Supply Chain Fundamentals as Key Practices in Cyber Supply Chain Risk Management

Client Alert | 1 min read | 02.21.20

Last week, the National Institute of Standards and Technology (NIST) published the draft NISTIR 8276 “Key Practices in Cyber Supply Chain Risk Management” providing Key Practices and related recommendations for monitoring, controlling, and understanding how to conduct cyber – supply chain risk management (C-SCRM). The Eight Key Practices are general and apply equally, in practice, to both traditional supply chain management and C-SCRM, including:

Integrating SCRM across the organization,
Understanding the organization’s supply chain, and
Assessing and monitoring SCRM throughout the supplier relationship.

Specific guidance includes, among others:

Increasing Board involvement in C-SCRM;
Understanding the cyber relationship with suppliers, including whether they process critical data; and
Using third-party assessments to evaluate suppliers.

The guidance should serve to remind organizations of the need to know their supply chain well and to have a purposeful approach to its management. Organizations have an opportunity to comment on this draft guidance until March 4, 2020.

Contacts

Stephanie L. Crawford
Counsel
- Washington, D.C.
  - D | +1.202.624.2811
c2NyYXdmb3JkQGNyb3dlbGwuY29t
Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 4 min read | 06.25.26

Twin Executive Orders Seek to Spur Quantum Leap in Technology and Cybersecurity

On June 22, 2026, President Trump signed two executive orders, “Securing the Nation Against Advanced Cryptographic Attacks” (Quantum Security EO) and “Ushering in the Next Frontier of Quantum Innovation” (Quantum Innovation EO), marking the most significant federal action on quantum technology since the Quantum Computing Cybersecurity Preparedness Act of 2022, which directed agencies to harden their information systems against quantum-enabled hacking. The orders seek to speed the development of quantum computers, which are advanced processors that can calculate multiple possibilities simultaneously and thus solve problems exponentially faster than traditional computers. At the same time, the orders look to protect against the danger that quantum technology can “break” traditional encryption by easily decoding it. Of particular note for government contractors, the Quantum Security EO directs agencies to update federal acquisition regulations to require contractors by 2031 to adopt information processing standards that resist quantum-enabled codebreaking....

Client Alert | 7 min read | 06.24.26
DOJ’s National Security Division Announces First Declination Under New Corporate Enforcement Policy With Parallel BIS Settlement
Client Alert | 3 min read | 06.24.26
OhioHealth Settlement and White House Report Signal Broader Federal Focus on Restrictive Hospital Contracting
Client Alert | 4 min read | 06.23.26
EPA Hands Over AI Data Center Regulation to States and Communities to Develop Best Practices

View All Insights