NIST Releases Cyber Supply Chain Draft Guidance

The National Institute of Standards and Technology (NIST) is seeking public comment on the Feb. 4 draft of its cyber supply chain risk management guidance. The new guidance, Key Practices in Cyber Supply Chain Risk Management, walks stakeholders through strategies to address possible cybersecurity issues associated with the modern IT supply chain. The draft discusses the complexities of vulnerabilities in a changing cyber supply chain that can make it difficult to secure the system from threats. “The seed of the problem is that everything is interconnected nowadays. Products are very sophisticated, and with our globalized economy, companies often outsource the tasks of developing components and code to other companies, involving multiple tiers of suppliers,” Jon Boyens, one of the NIST authors of the report, said.