Security, Privacy, and C-SCRM Risk Management Plans: NIST Releases SP 800-18r2

NIST

View As Web Page

Header

NIST Cybersecurity and Privacy Program

Security, Privacy, and C-SCRM Risk Management Plans: NIST Releases SP 800-18r2

NIST has released Special Publication (SP) 800-18r2 (Revision 2), Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems. This revision broadens the scope of system planning to encompass three interconnected plan types that are collectively referred to as "system plans": the system security plan, system privacy plan, and cybersecurity supply chain risk management (C-SCRM) plan. Essential system plan elements are correlated with the steps and tasks of the NIST Risk Management Framework (RMF) to provide a streamlined approach to system plan development.

These updated guidelines emphasize the use of machine-readable data formats for automated data collection and real-time reporting dashboards to support risk management decisions throughout the system life cycle. The publication also provides ready-to-use supplemental materials, including example outlines for system plans and organization-defined formats as well as a guide on roles and responsibilities.

Learn More

NIST Cybersecurity and Privacy Program
Questions and comments can be directed to: sec-cert@nist.gov
CSRC Website questions: csrc-inquiry@nist.gov