The National Institute of Standards and Technology (NIST) is seeking input from stakeholders on an update to NIST Special Publication (SP) 800-161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations.

SP 800-161, first published in 2015, was established to provide guidance to Federal agencies on mitigating information and communications (ICT) supply chain risks.

In a pre-draft call for comments, however, NIST says that “many things have changed in the laws, regulations, tools, technologies, and best practices encompassing the [ICT] supply chain risk management ecosystem.”

Transforming workflows enables a service-focused government. Learn More

The updated version of SP 800-161 will include:

  • Lessons learned since the original SP was implemented;
  • Updates to select NIST guidance such as NIST SP 800-37 Rev. 2, Draft NIST SP 800-53 Rev. 5, and Cybersecurity Framework v1.1; and
  • “Priorities of the Administration.”

“NIST seeks the input of SP 800-161 stakeholders to ensure Revision 1 will continue to deliver a single set of cyber supply chain risk management practices to help Federal departments and agencies manage the risks associated with the acquisition and use of IT/operational technology products and services in a way that is functional and usable,” the pre-draft said.

Comment submissions on the update are due no later than Feb 28.

Read More About
More Topics
Jordan Smith
Jordan Smith
Jordan Smith is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.