Analysis of Proposed NIST Framework on Software Supply Chain Risks for Companies

  • Pramod Misra, Neha Tiwari


Background: Information and Communications Technology (ICT) and operational technology (OT) rely on a complicated, widely dispersed, intricate, and interrelated supply chain ecosystem made up of numerous layers of outsourcing and routed through various geographic regions. The National Institute of Standards and Technology (NIST) Cybersecurity Supply Chain Risk Management (C-SCRM) program assists enterprises in managing the rising risk of purposeful or inadvertent supply chain compromise connected to cybersecurity.

Aims and Objectives: To determine the applicability of the NIST framework to the software supply chain of companies.

Methods: For software developers and producers, it is essential to follow the basic set of high-level secure software development practices outlined in SSDF V1.1. Many of these developments came to light following the publication of Executive Order (EO) 14028 and of publications from various industries. We analysed the literature put forward by different organizations.

Results: Accenture outlined the essential conditions for safeguarding software source code. More efficient system-oriented architectures can successfully combat large-scale breaches that result in the disclosure of customer and commercial information, as well as ransomware attacks, by exposing a complete list of the software components in the finished product, including third-party binaries and problems introduced in the build stage, such as improper compiler defence options and build environments.

Conclusion: The study concludes that NIST sufficiently helps companies avoid cyber threats and deal with daily cyber risks. Regular updates will keep the NIST framework current and capable of serving small companies in dealing with cyber threats.

How to Cite
Pramod Misra, Neha Tiwari. (2021). Analysis of Proposed NIST Framework on Software Supply Chain Risks for Companies. International Journal of Advanced Science and Technology, 30(01), 294 -. Retrieved from