Cyber security Supply Chain Risk Management Practices for Systems and Organisations

  1. Home
  2. /
  3. Library
  4. /
  5. Cyber security Supply Chain Risk Management Practices for Systems and Organisations

This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act.

NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems. The practices and controls described for Cybersecurity Supply Chain Risk Management (C-SCRM) apply to both information technology (IT) and operational technology (OT) environments.