Email this Article Email   

CHIPS Articles: NIST Draft Offers Impact Analysis Tool to Evaluate Cyber Supply Chain Risks

NIST Draft Offers Impact Analysis Tool to Evaluate Cyber Supply Chain Risks
By CHIPS Magazine - March 16, 2020
As awareness of cybersecurity supply-chain risks grows among federal agencies, there is a greater need for solutions that can evaluate the consequences of a supply chain-related cyber event, the National Institute of Standards and Technology, said in a release. However, this can be a difficult, especially for those organizations with complex operational environments and supply chains.

A publicly available solution to support supply chain risk analysis that specifically takes into account the potential impact of an event does not currently exist. NIST seeks to remedy that with NISTIR 8272(Draft). This draft describes how to use the Cyber Supply Chain Risk Management (C-SCRM) Interdependency Tool that has been developed to help federal agencies identify and assess the potential impact of cybersecurity events in their interconnected supply chains.

NISTIR 8272(Draft) describes a prototype tool that shows a possible solution for “filling the gap between an organization's risk appetite and supply chain risk posture by providing a basic measurement of the potential impact of a cyber-supply chain event,” NIST reported. This tool does not represent a complete supply-chain risk management solution. Rather, it is intended to be integrated into or used in concert with tools such as third-party management, enterprise resource planning, and supply chain management efforts.

NIST said comments that are related to additional functionality or other aspects of the tool may be used to develop future versions of the software.

Download NISTIR 8272 (Draft). Comments are due April 17, 2020; please email comments to:

Supplemental Material:
CSRC - Source Code, Sample Data, and Installer Packages (other)
GitHub - Source Code, Sample Data, and Installer Packages (pdf)

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer