Written by David Stegon
The National Institute of Standards and Technology has published the final version of its guide to help federal agencies manage the risks associated with purchasing information and communications products and services.
“Notional Supply Chain Risk Management Practices for Federal Information Systems” calls for procurement organizations to establish a coordinated team approach to assess the ICT supply chain risk and to manage this risk by using technical and programmatic mitigation techniques.
The new guide is based on information technology security practices and procedures published by NIST, the National Defense University, the National Defense Industrial Association and others.
These practices were expanded to include supply chain implications.