Cybersecurity Briefing — NIST issues SP 800-161 Rev.1 on supply chain risk management

On 5 May 2022 NIST released SP 800-161 Revision 1, expanding cybersecurity supply chain risk management practices for federal agencies and critical suppliers in line with EO 14028.

Zeph Tech Research Lead

Research lead, Zeph Tech

Publication date and credibility emphasis for this briefing. Source data (JSON)

NIST published Special Publication 800-161 Revision 1 on 5 May 2022, updating guidance for Cybersecurity Supply Chain Risk Management (C-SCRM). The revision aligns with Executive Order 14028, adds threat-informed controls for open-source and third-party software, and introduces tiered implementation guidance for federal agencies and suppliers.

Security and procurement teams should integrate the new controls into acquisition language, SBOM and vulnerability disclosure expectations, and third-party risk assessments, especially where federal customers impose C-SCRM requirements.

NIST announcement summarizes new C-SCRM practices and EO 14028 alignment.
SP 800-161 Rev.1 publication provides the full control catalog and implementation guidance.

Single-point timeline showing the publication date sized by credibility score. — Publication date and credibility emphasis for this briefing. Source data (JSON)

Visit pillar hub

Latest guides

Cybersecurity Operations Playbook — Zeph Tech
Use Zeph Tech research to align NIST CSF 2.0, CISA KEV deadlines, and sector mandates across threat intelligence, exposure management, and incident response teams.

Related briefings

Cybersecurity Directive Political Agreement — May 13, 2022

OpenSSL 3.0.7 Critical Update — Response and Assurance Checklist

EU NIS2 Directive Published in Official Journal — December 27, 2022

EU DORA Regulation Enters into Force — January 16, 2023

NIST Releases Cybersecurity Framework 2.0 — February 26, 2024

Continue in the Cybersecurity pillar

Latest guides