The Cybersecurity and Infrastructure Security Agency is developing a guide to help agencies overcome the challenges of managing cyber supply chain risks.
According to Brian Paap, Cyber Engineering Consultant at CISA, the agency has been working on how to approach Cyber Supply Chain Risk Management (CSCRIM) over the past two years.
CISA recently ran a pilot designed to figure out all of the measures required to stand up and sustain a CSCRIM program within federal departments and agencies.
Paap noted CISA has recently developed the Overview and Guidelines document, which combines learnings from NIST 161 and elements of NIST 853, Rev 5 and several other resources.
Source: https://governmentciomedia.com/cisa-developing-guidelines-managing-cyber-supply-chain-risks