The National Institute of Standards and Technology (NIST) released updated system-planning guidance that broadens federal cybersecurity documentation to cover security, privacy, and cybersecurity supply chain risk management (C-SCRM).
The revision – titled Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems – consolidates information on how organizations develop and maintain key risk management documentation for information systems.
NIST said system plans consolidate information about assets, individuals, authorization boundaries, interconnected systems, data flows, responsible personnel, internal and external environments, and risk-management controls.
Read the rest of the story at MeriTalk.



