On February 4, 2020, the National Institute of Standards and Technology ("NIST") issued a pre-draft call for comments to Special Publication 800-161r1, Supply Chain Risk Management Practices for Federal Information Systems and Organizations.
Since its publication in 2015, there have been many changes in the laws, regulations, tools, and technologies related to supply chain risk management. To that end, in consistent with past updates, NIST:
seeks the input of SP 800-161 stakeholders to ensure Revision 1 will continue to deliver a single set of cyber supply chain risk management practices to help federal departments and agencies manage the risks associated with the acquisition and use of IT/OT products and services in a way that is functional and usable.
According to the release, NIST seeks input on the following:
Additions, changes, or removals of ICT SCRM guidance, tiers, controls or control enhancements along with a rationale for the addition, change or removal of the ICT SCRM guidance, tiers, controls or enhancements.
Comments are due by February 28, 2020 via email to email@example.com.
PRE-DRAFT Call for Comments: Supply Chain Risk Management Practices for Federal Information Systems and Organizations
. . .