Practices for Managing Supply Chain Risks to Protect Federal Information Systems | NIST

Many organizations rely on complex information systems that are composed of hardware, software, and firmware products developed by different system developers, suppliers, and integrators. The information and communications technology (ICT) supply chain is a globally distributed, interconnected set of organizations, people, processes, products, and services. It extends across the full system development life cycle (SDLC) including research and development (R&D), design, development, acquisition of custom or commercial off-the-shelf (COTS) products, delivery, integration, operations, and disposal/retirement.