NIST Cybersecurity Supply Chain Risk Management (C-SCRM) Fundamentals
Training Course
Title: NIST Cybersecurity Supply Chain Risk Management (C-SCRM) Fundamentals
Modalities:
- Self-Paced Online
- Live Instructor-Led: By Request
Duration: 2 days
Overview
This course introduces students to the foundational concepts behind National Institute of Standards and Technology (NIST) Special Publication (SP) 800-161 and related cyber supply chain risk management topics.
Who Should Attend
- Line of Business Leadership
- Non-Technical Managers
- Technical Managers
- Industry Members (e.g., Manufacturing Extension Program, State-Federal Liaisons)
Course Agenda
- Day 1 (AM):
  - Introductions
  - What is supply chain risk management?
  - What is the relationship between supply chain risk management and multilevel enterprise risk management?
  - NIST’s cyber supply chain risk management program
  - How does C-SCRM fit into traditional supply chain risk management?
  - The role of NIST SP 800-161
  - Supplemental materials
  - Legal and regulatory relationships
    - Executive Order 14028: Improving the Nation’s Cybersecurity
    - The SECURE Technology Act
    - The Federal Acquisition Supply Chain Security Act of 2018 (FASCSA)
    - The Federal Acquisition Security Council (FASC) Rule
- Day 1 (PM):
  - C-SCRM critical success factors
    - Acquisition
    - Supply chain information sharing
    - Training and awareness
    - Measures
    - Resources
  - C-SCRM focus areas
    - Foundational practices
    - Enterprise-wide practices
    - Risk management practices
      - Risk
      - Threats and vulnerabilities
    - Critical systems
- Day 2 (AM):
  - C-SCRM control selection
  - C-SCRM control families
    - Access control
    - Awareness and training
    - Audit and accountability
    - Assessment, authorization, and monitoring
    - Configuration management
    - Contingency planning
    - Identification and authentication
    - Incident response
    - Maintenance
    - Media protection
    - Physical and environmental protection
    - Planning
    - Program management
    - Personnel security
    - Personally identifiable information processing and transparency
    - Risk assessment
    - System and services acquisition
    - System and communications protection
    - System and information integrity
    - Supply chain risk management
- Day 2 (PM):
  - C-SCRM control summary mapping to NIST SP 800-53
  - C-SCRM control flow-down to subcontractors
  - C-SCRM implementation planning and strategies
  - Review
  - Exam