Supply Chain Risk Management Practices for Federal Information Systems
The information and communications technology (ICT) supply chain is a globally distributed, interconnected set of organizations, people, processes, products, and services.
The modern ICT supply chain is subject to a variety of cyber security threats. These threats may affect the confidentiality, integrity, or availability of government information and information systems and include counterfeiting, tampering, theft, reduced or unwanted functionality, or malicious content.
This document seeks to equip federal departments and agencies with a notional set of repeatable and commercially reasonable supply chain assurance methods and practices that offer a means to obtain a greater level of understanding, visibility, traceability, and control throughout the ICT supply chain than agencies have today.
Use these recommendations from NIST guidelines to help your own organization implement strong supply chain risk management best practices.
Included in this ZIP file are:
- Intro Page.pdf
- Terms and Conditions.pdf
- Supply Chain Risk Management Practices.pdf