The US National Institute of Standards and Technology (NIST) releases cybersecurity supply chain risk management practices for systems and organizations. This document updates guidance on identifying, assessing, and responding to cybersecurity risks throughout the supply chain at all levels of an organization. The publication also encourages organizations to consider the vulnerabilities of their finished products and their individual components, which may have been produced elsewhere.