The National Institute of Standards and Technology (NIST) has recently released an update on managing risks in the supply chain. This release has not come at a better time given the large increase in supply chain attacks. The cyber security supply chain risk management is a process for managing exposure to cybersecurity risks throughout the
The NIST 800-171 publication defines the government requirements for the protection of controlled unclassified information, or CUI in non-federal systems and organizations.
What it means is that the government now requires companies that would like to conduct business with the US government, also known as government contractors, meet a set of security controls on their corporate network to ensure they protect sensitive government information.