SlideShare a Scribd company logo

NIST Updates Federal Supply Chain Risk Management Practices Guide

U
unevendock6891

The National Institute of Standards and Technology (NIST) has updated the guidelines for Supply Chai...

1 of 1
Download to read offline
NIST Updates Federal Supply Chain Risk Management Practices Guide The National Institute of Standards and Technology (NIST) has updated the guidelines for Supply Chain Risk Management Practices for Federal Information Management Systems and Organizations and published the draft in efforts to seek feedback before the public comment period ends July 18, 2014."Between the growing sophistication and complexity of modern information and communication technology (ICT) and the lengthy and geographically diverse ICT supply chains, important federal information systems are at risk of being compromised by counterfeits, tampering, theft, malicious software and poor manufacturing practices," NIST stated. "A counterfeit chip could cause a computer system to break down; malware could lead to loss of critical information."The publication provides guidance to federal departments and agencies on procurement security issues by providing strategies to identify, assess, and mitigate ICT supply chain risks at multiples levels in the process, and is intended to be applied to "high-impact systems" as identified in NIST's Standards for Security Categorization of Federal Information and Information Systems guidelines."NIST recommends that evaluating ICT supply chains should be part of an organization's overall risk management activities and should involve identifying and assessing applicable risks, determining appropriate mitigating actions, and developing a plan to document mitigating actions and monitoring performance," NIST explained. "The plan should be adapted to fit each organization's mission, threats and operating environment, as well as its existing ICT supply chains."The guidelines were revised after an extensive review and comments period that sought input from the ICT community, and NIST is seeking further feedback on key changes, including:Increased emphasis on balancing the risks and costs of ICT supply chain risk management processes and controls throughout the publicationAn ICT supply chain risk management controls summary table that provides a baseline and maps to NIST Special Publication 800-53 Revision 4 High baseline controls in Appendix DAn annotated ICT Supply Chain Risk Management Plan Template in Appendix HComments may be submitted by email to scrm-nist@nist.gov using the template on the web page.Read More Here...Â

Recommended

#BCMeeting2019: Rethinking Cybersecurity
#BCMeeting2019: Rethinking Cybersecurity#BCMeeting2019: Rethinking Cybersecurity
#BCMeeting2019: Rethinking CybersecurityInternational Chamber of Commerce - ICC
 
Medical Devices Under Attack
Medical Devices Under Attack Medical Devices Under Attack
Medical Devices Under Attack Medigate
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisIJERD Editor
 
Akolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorAkolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorPaul O'Connor
 
Digitalization - the Catalyst for Social Care
Digitalization - the Catalyst for Social CareDigitalization - the Catalyst for Social Care
Digitalization - the Catalyst for Social CareIBM Cúram Software Health and Social Programs
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
Southern Risk Council - Cybersecurity Update 10-9-13
Southern Risk Council - Cybersecurity Update 10-9-13Southern Risk Council - Cybersecurity Update 10-9-13
Southern Risk Council - Cybersecurity Update 10-9-13Phil Agcaoili
 

Recommended

#BCMeeting2019: Rethinking Cybersecurity
#BCMeeting2019: Rethinking Cybersecurity#BCMeeting2019: Rethinking Cybersecurity
#BCMeeting2019: Rethinking CybersecurityInternational Chamber of Commerce - ICC
 
Medical Devices Under Attack
Medical Devices Under Attack Medical Devices Under Attack
Medical Devices Under Attack Medigate
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisIJERD Editor
 
Akolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorAkolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorPaul O'Connor
 
Digitalization - the Catalyst for Social Care
Digitalization - the Catalyst for Social CareDigitalization - the Catalyst for Social Care
Digitalization - the Catalyst for Social CareIBM Cúram Software Health and Social Programs
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
Southern Risk Council - Cybersecurity Update 10-9-13
Southern Risk Council - Cybersecurity Update 10-9-13Southern Risk Council - Cybersecurity Update 10-9-13
Southern Risk Council - Cybersecurity Update 10-9-13Phil Agcaoili
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkWilliam McBorrough
 
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]Walter Richard Sweeney
 
NHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesNHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesDr Dev Kambhampati
 
FCF 5th Feb 2015 04 - FDB Tech
FCF 5th Feb 2015 04 - FDB TechFCF 5th Feb 2015 04 - FDB Tech
FCF 5th Feb 2015 04 - FDB Tech#TheFraudTube
 
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...ARMA International
 
The Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityThe Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityMarkLogic
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidancePam Gilmore
 
Rapid7 CAG Compliance Guide
Rapid7 CAG Compliance GuideRapid7 CAG Compliance Guide
Rapid7 CAG Compliance GuideRapid7
 
The IT Analysis Paralysis
The IT Analysis Paralysis The IT Analysis Paralysis
The IT Analysis Paralysis PYA, P.C.
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Donald E. Hester
 
Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolHernan Huwyler, MBA CPA
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184David Sweigert
 
Hernan huwyler - Recovering From a Breach
Hernan huwyler - Recovering From a BreachHernan huwyler - Recovering From a Breach
Hernan huwyler - Recovering From a BreachHernan Huwyler, MBA CPA
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devicesSafisSolutions
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical DevicesSuresh Mandava
 
Sana Jaffrey - World Bank Indonesia
Sana Jaffrey - World Bank IndonesiaSana Jaffrey - World Bank Indonesia
Sana Jaffrey - World Bank IndonesiaGeneva Declaration
 
2. Defence Systems
2. Defence Systems2. Defence Systems
2. Defence SystemsNapier University
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Hernan Huwyler, MBA CPA
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 
NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docx NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docxrobert345678
 
Critical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCritical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCommunity Protection Forum
 

More Related Content

What's hot

Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkWilliam McBorrough
 
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]Walter Richard Sweeney
 
NHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesNHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesDr Dev Kambhampati
 
FCF 5th Feb 2015 04 - FDB Tech
FCF 5th Feb 2015 04 - FDB TechFCF 5th Feb 2015 04 - FDB Tech
FCF 5th Feb 2015 04 - FDB Tech#TheFraudTube
 
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...ARMA International
 
The Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityThe Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityMarkLogic
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidancePam Gilmore
 
Rapid7 CAG Compliance Guide
Rapid7 CAG Compliance GuideRapid7 CAG Compliance Guide
Rapid7 CAG Compliance GuideRapid7
 
The IT Analysis Paralysis
The IT Analysis Paralysis The IT Analysis Paralysis
The IT Analysis Paralysis PYA, P.C.
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Donald E. Hester
 
Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolHernan Huwyler, MBA CPA
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184David Sweigert
 
Hernan huwyler - Recovering From a Breach
Hernan huwyler - Recovering From a BreachHernan huwyler - Recovering From a Breach
Hernan huwyler - Recovering From a BreachHernan Huwyler, MBA CPA
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devicesSafisSolutions
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical DevicesSuresh Mandava
 
Sana Jaffrey - World Bank Indonesia
Sana Jaffrey - World Bank IndonesiaSana Jaffrey - World Bank Indonesia
Sana Jaffrey - World Bank IndonesiaGeneva Declaration
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Hernan Huwyler, MBA CPA
 

What's hot (18)

Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity Framework
 
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
 
NHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesNHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best Practices
 
FCF 5th Feb 2015 04 - FDB Tech
FCF 5th Feb 2015 04 - FDB TechFCF 5th Feb 2015 04 - FDB Tech
FCF 5th Feb 2015 04 - FDB Tech
 
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
 
The Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityThe Three Pitfalls of Data Security
The Three Pitfalls of Data Security
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity Guidance
 
Rapid7 CAG Compliance Guide
Rapid7 CAG Compliance GuideRapid7 CAG Compliance Guide
Rapid7 CAG Compliance Guide
 
The IT Analysis Paralysis
The IT Analysis Paralysis The IT Analysis Paralysis
The IT Analysis Paralysis
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
 
Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines School
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184
 
Hernan huwyler - Recovering From a Breach
Hernan huwyler - Recovering From a BreachHernan huwyler - Recovering From a Breach
Hernan huwyler - Recovering From a Breach
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devices
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical Devices
 
Sana Jaffrey - World Bank Indonesia
Sana Jaffrey - World Bank IndonesiaSana Jaffrey - World Bank Indonesia
Sana Jaffrey - World Bank Indonesia
 
2. Defence Systems
2. Defence Systems2. Defence Systems
2. Defence Systems
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks
 

Similar to NIST Updates Federal Supply Chain Risk Management Practices Guide

2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 
NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docx NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docxrobert345678
 
Critical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCritical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCommunity Protection Forum
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati
 
NIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesNIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesDr Dev Kambhampati
 
NIST Supply Chain Risk publication 800-161
NIST Supply Chain Risk publication 800-161NIST Supply Chain Risk publication 800-161
NIST Supply Chain Risk publication 800-161David Sweigert
 
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115James Bryce Clark
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilitiesNirmal Thaliyil
 
Governing Information Security
Governing Information SecurityGoverning Information Security
Governing Information SecurityRoberto Reale
 
Roberto Reale - Governing Information Security
Roberto Reale - Governing Information SecurityRoberto Reale - Governing Information Security
Roberto Reale - Governing Information SecurityLegal Hackers Roma
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2newbie2019
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 
· Answer the following questions in a 100- to 150 word response .docx
· Answer the following questions in a 100- to 150 word response .docx· Answer the following questions in a 100- to 150 word response .docx
· Answer the following questions in a 100- to 150 word response .docxoswald1horne84988
 
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)ijcsit
 
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)AIRCC Publishing Corporation
 

Similar to NIST Updates Federal Supply Chain Risk Management Practices Guide (20)

2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
 
NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docx NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docx
 
Critical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCritical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challenges
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational Awareness
 
NIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesNIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric Utilities
 
NIST Supply Chain Risk publication 800-161
NIST Supply Chain Risk publication 800-161NIST Supply Chain Risk publication 800-161
NIST Supply Chain Risk publication 800-161
 
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017
 
Governing Information Security
Governing Information SecurityGoverning Information Security
Governing Information Security
 
Roberto Reale - Governing Information Security
Roberto Reale - Governing Information SecurityRoberto Reale - Governing Information Security
Roberto Reale - Governing Information Security
 
NIST.SP.800-37r2.pdf
NIST.SP.800-37r2.pdfNIST.SP.800-37r2.pdf
NIST.SP.800-37r2.pdf
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
 
· Answer the following questions in a 100- to 150 word response .docx
· Answer the following questions in a 100- to 150 word response .docx· Answer the following questions in a 100- to 150 word response .docx
· Answer the following questions in a 100- to 150 word response .docx
 
5757912.ppt
5757912.ppt5757912.ppt
5757912.ppt
 
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)
 
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)
 

NIST Updates Federal Supply Chain Risk Management Practices Guide

  • 1. NIST Updates Federal Supply Chain Risk Management Practices Guide The National Institute of Standards and Technology (NIST) has updated the guidelines for Supply Chain Risk Management Practices for Federal Information Management Systems and Organizations and published the draft in efforts to seek feedback before the public comment period ends July 18, 2014."Between the growing sophistication and complexity of modern information and communication technology (ICT) and the lengthy and geographically diverse ICT supply chains, important federal information systems are at risk of being compromised by counterfeits, tampering, theft, malicious software and poor manufacturing practices," NIST stated. "A counterfeit chip could cause a computer system to break down; malware could lead to loss of critical information."The publication provides guidance to federal departments and agencies on procurement security issues by providing strategies to identify, assess, and mitigate ICT supply chain risks at multiples levels in the process, and is intended to be applied to "high-impact systems" as identified in NIST's Standards for Security Categorization of Federal Information and Information Systems guidelines."NIST recommends that evaluating ICT supply chains should be part of an organization's overall risk management activities and should involve identifying and assessing applicable risks, determining appropriate mitigating actions, and developing a plan to document mitigating actions and monitoring performance," NIST explained. "The plan should be adapted to fit each organization's mission, threats and operating environment, as well as its existing ICT supply chains."The guidelines were revised after an extensive review and comments period that sought input from the ICT community, and NIST is seeking further feedback on key changes, including:Increased emphasis on balancing the risks and costs of ICT supply chain risk management processes and controls throughout the publicationAn ICT supply chain risk management controls summary table that provides a baseline and maps to NIST Special Publication 800-53 Revision 4 High baseline controls in Appendix DAn annotated ICT Supply Chain Risk Management Plan Template in Appendix HComments may be submitted by email to scrm-nist@nist.gov using the template on the web page.Read More Here...Â