Exploring Cyber Supply Chain Risk Management

Apr 28, 2025

Case Studies in Cyber Supply Chain Risk Management

Summary of Findings and Recommendations

General Information

  • Publication Date: February 2020
  • Authors: Jon Boyens (NIST), Celia Paulsen (NIST), Nadya Bartol (Boston Consulting Group), Kris Winkler (Boston Consulting Group), James Gimbi (NIST)
  • Document Type: Cybersecurity White Paper (CSWP 11)
  • Link: DOI: 10.6028/NIST.CSWP.11

Abstract Overview

  • Part of new research on Cyber Supply Chain Risk Management (C-SCRM).
  • Builds on previous 2015 publications by the CSD C-SCRM program.
  • Based on interviews with 16 experts from six diverse companies in industries such as:
    • Digital storage
    • Consumer electronics
    • Renewable energy
    • Consumer foods
    • Healthcare
    • Enterprise cybersecurity
  • The interviews informed six individual company case studies, a summary of findings, recommendations, and a key practices document.

Key Findings

  • C-SCRM is a developing field that requires ongoing research and attention.
  • Mature organizations employ diverse C-SCRM practices.
  • Less mature organizations require practical guidance for implementing C-SCRM.
  • Identified trends and correlations from expert interviews.

Recommendations

  • Further research and guidance development are necessary.
  • Quantitative analysis and metrics for cyber supply chain risk are needed.
  • Evaluate supplier terms and conditions for potential additions.
  • Develop a sample supplier tiering structure, especially for organizations with many suppliers.
  • Additional case studies should be created to showcase successful C-SCRM programs.

Keywords

  • Case study
  • Cyber supply chain risk management
  • C-SCRM
  • External dependency risk management
  • Information and communications technology supply chain risk management (ICT SCRM)
  • Third-party risk management

Contact Information

  • National Institute of Standards and Technology (NIST) Headquarters: 100 Bureau Drive, Gaithersburg, MD 20899
  • Email: [email protected]