{"id":285062,"date":"2026-07-02T15:59:00","date_gmt":"2026-07-02T19:59:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/02\/nist-updates-system-plan-guidance-for-security-privacy-supply-chain-risk-meritalk\/"},"modified":"2026-07-02T16:10:12","modified_gmt":"2026-07-02T20:10:12","slug":"nist-updates-system-plan-guidance-for-security-privacy-supply-chain-risk-meritalk","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/02\/nist-updates-system-plan-guidance-for-security-privacy-supply-chain-risk-meritalk\/","title":{"rendered":"NIST Updates System-Plan Guidance for Security, Privacy, Supply Chain Risk \u2013 MeriTalk"},"content":{"rendered":"<p><a href=\"https:\/\/www.meritalk.com\/articles\/nist-updates-system-plan-guidance-for-security-privacy-supply-chain-risk\/\">NIST Updates System-Plan Guidance for Security, Privacy, Supply Chain Risk \u2013 MeriTalk<\/a><\/p>\n<p><a href=\"https:\/\/www.meritalk.com\/articles\/nist-updates-system-plan-guidance-for-security-privacy-supply-chain-risk\/\">https:\/\/www.meritalk.com\/articles\/nist-updates-system-plan-guidance-for-security-privacy-supply-chain-risk\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-02 15:59:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.meritalk.com\">www.meritalk.com<\/a><\/p>\n<p>The National Institute of Standards and Technology (NIST) <strong>released<\/strong> updated system-planning guidance that broadens federal cybersecurity documentation to cover security, privacy, and cybersecurity supply chain risk management (C-SCRM).<\/p>\n<p>The revision \u2013 titled <strong>Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems<\/strong> \u2013 consolidates information on how organizations develop and maintain key risk management documentation for information systems.<\/p>\n<p>NIST said system plans consolidate information about assets, individuals, authorization boundaries, interconnected systems, data flows, responsible personnel, internal and external environments, and risk-management controls.<\/p>\n<p>Additionally, the updated elements are correlated with the steps and tasks of the NIST Risk Management Framework to provide a streamlined approach to system plan development.<\/p>\n<p>The update also points agencies and contractors toward machine-readable data formats to support automated data collection using widely deployed platforms including governance, risk, and compliance (GRC) tools; security orchestration, automation, and response (SOAR) platforms; and security information and event management (SIEM) systems.<\/p>\n<p>NIST said dashboards enabled by those platforms can support \u201cnear real time risk management decision-making and reduce the reliance on static, point-in-time documentation.\u201d<\/p>\n<p>NIST also included \u201ca suite of supplemental materials\u201d alongside the update:<\/p>\n<ul>\n<li>System Security Plan Outline Example: Structured guidance for documenting security requirements and controls<\/li>\n<li>System Privacy Plan Outline Example: Structured guidance for documenting privacy requirements and controls<\/li>\n<li>C-SCRM Plan Outline Example: Based on the C-SCRM plan template in SP 800-161r1<\/li>\n<li>System Plan Roles and Responsibilities: Updated guidance on identifying key personnel roles in system plan development and maintenance<\/li>\n<\/ul>\n<p>According to NIST, these templates will be especially helpful for organizations&#8230;<\/p>\n<p><a href=\"https:\/\/www.meritalk.com\/articles\/nist-updates-system-plan-guidance-for-security-privacy-supply-chain-risk\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NIST Updates System-Plan Guidance for Security, Privacy, Supply Chain Risk \u2013 MeriTalk https:\/\/www.meritalk.com\/articles\/nist-updates-system-plan-guidance-for-security-privacy-supply-chain-risk\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":285063,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.meritalk.com\/wp-content\/uploads\/2019\/11\/NIST-1-min.jpg","fifu_image_alt":"","footnotes":""},"categories":[16],"tags":[],"class_list":["post-285062","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-privacy"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/285062"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=285062"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/285062\/revisions"}],"predecessor-version":[{"id":285064,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/285062\/revisions\/285064"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/285063"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=285062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=285062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=285062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}