This report from NIST provides guidance to federal agencies on identifying, assessing, and mitigating information and communications technology (ICT) supply chain risks at all levels of their organizations. The publication integrates ICT supply chain risk management (SCRM) into federal agency risk management activities by applying a multitiered, SCRM- specific approach, including guidance on assessing supply chain risk and applying mitigation activities.

Download Research Paper