NIST SP 800-161r1
Definition
The US National Institute of Standards and Technology publication 'Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations' (Revision 1, 2022). It is the primary US government guidance document for cybersecurity supply chain risk management (C-SCRM), providing a tiered set of practices aligned with the NIST Cybersecurity Framework.
Related terms
- Dependency confusion: An attack technique in which an attacker publishes a public package with the same name as an organisation's internal private package at...
- Software Bill of Materials (SBOM): A structured, machine-readable inventory of the software components in a product or system. Captures component names, versions, licences, and dependency relationships. Standard...
- Software Composition Analysis (SCA): A category of security tooling that scans source code, build manifests, and container images to identify open-source and third-party components, match them...
- Transitive dependency: A software library that an application does not import directly but is pulled in automatically because a direct dependency requires it. Transitive...
- Vendor due diligence: The pre-procurement and ongoing process of assessing a supplier's security practices before and during a commercial relationship. In supply-chain risk management, due...
Explained in
- Supply-Chain Risk and Software Dependencies