top of page

NIST Cybersecurity Supply Chain Risk Management (C-SCRM) Fundamentals

Training Course

Best NIST Cyber Supply Chain Risk Management C-SCRM Training Course

Title: NIST Cybersecurity-Supply Chain Risk Management (C-SCRM) Fundamentals

  • Modalities: Self-Paced Online

  • Duration: 2 days

 

Overview 

This course is designed to introduces students to the foundational concepts behind the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-161 and related supply cyber-supply chain risk management topics. 

 

Who Should Attend

  • Line of Business Leadership

  • Non-Technical Managers

  • Technical Managers

  • Industry Members (e.g., Manufacturing Extension Program, State-Federal Liaisons)

 

Course Agenda

  • Day 1 (AM):

    • Introductions

    • What is supply chain risk management

    • What is the relationship between supply chain risk management and multilevel enterprise risk management

    • NIST’s cyber supply chain risk management program

    • How does C-SCRM fit into traditional supply chain risk management

    • The role of NIST SP 800-161

    • Supplemental materials

    • Legal and regulatory relationships

      • Executive Order 14028: Improving the Nation’s Cybersecurity

      • The SECURE Technology Act

      • The Federal Acquisition Supply Chain Security Act of 2018 (FASCSA)

      •  The Federal Acquisition Security Council (FASC) Rule

  • Day 1 (PM):

    • C-SCRM critical success factors

      • Acquisition

      • Supply chain information sharing

      • Training and awareness

      • Measures

      • Resources

    • C-SCRM focus areas

      • Foundational practices

      • Enterprise-wide practices

      • Risk management practices

        • Risk

        • Threats and vulnerabilities

      • Critical systems

  • Day 2 (AM):

    • C-SCRM control selection

    • C-SCRM control families

      • Access control

      • Awareness and training

      • Audit and accountability

      • Assessment, authorization, and monitoring

      • Configuration management

      • Contingency planning

      • Identification and authentication

      • Incident response

      • Maintenance

      • Media protection

      • Physical and environmental protection

      • Planning

      • Program management

      • Personnel security

      • Personally identifiable information processing and transparency

      • Risk assessment

      • System and services acquisition

      • System and communications protection

      • System and information integrity

      • Supply chain risk management

  • Day 2 (PM):

    • C-SCRM control summary mapping to NIST SP 800-53

    • C-SCRM control flow down to sub-contractors

    • C-SCRM implementation planning and strategies

    • Review

    • Exam

bottom of page