This is a potential security issue, you are being redirected to https://csrc.nist.gov.
You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.
NIST has released the initial public draft (ipd) of Special Publication (SP) 800-18r2 (Revision 2), Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems.
The system security plan, privacy plan, and cybersecurity supply chain risk management plan consolidate information about the assets and individuals being protected within an authorization boundary and its interconnected systems. These system plans serve as a centralized point of reference for information about the system and risk management decisions, including data being created, collected, disseminated, used, stored, and disposed of; the individuals responsible for system risk management efforts; details about the internal and external environments of operation, system components, and data flows; and controls that are planned or in place to manage risks.
The comment period is open through July 30, 2025. See the publication details for a copy of the draft, supplemental files, and a comment template. Commenters are encouraged to use that template and submit feedback to [email protected] with “SP 800-18r2 ipd comments” in the subject.
Security and Privacy: access authorization, authentication, cybersecurity supply chain risk management, planning, privacy, risk management
Laws and Regulations: Federal Information Security Modernization Act, OMB Circular A-130