Aug. 16, 2013
DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations
This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency enterprise risk management activities by applying a multi-tiered SCRM-specific approach, including supply chain risk assessments and supply chain risk mitigation activities and guidance.
NIST requests comments on Draft NIST SP 800-161 by October 15, 2013.
More at NIST