Deputy Chief of the Computer Security Division
NIST Cyber Supply Chain Risk Management Plan Discussion
Jon Boyens is the Deputy Chief of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). His responsibilities include Cybersecurity Research and Development at NIST and Cybersecurity Standards and Guidelines for Federal Agency Security Programs. He also leads NIST’s Cyber Supply Chain Risk Management (C-SCRM) Program, helps develop and coordinate the Department of Commerce's cybersecurity policy among the Department’s bureaus, and represents the Department in the Administration’s interagency cybersecurity policy process. Boyens has worked on various White House-led initiatives, including those on trusted identities, botnets, the Cybersecurity Framework and Roadmap, telecommunications supply chain, software supply chain, and government-wide implementation of the Federal Acquisition Supply Chain Security Act, serving as NIST’s principal to the Federal Acquisition Security Council.
Since 2010, Boyens has conducted research to identify, evaluate and develop technologies, tools, techniques, practices, and standards needed to enable organizations to manage supply chain risk. Building on this research, he led a team to develop and issue a set of foundational, standardized, repeatable, and feasible practices to help organizations manage cyber supply chain risks to their organizations and systems. These practices were released in 2015 as NIST Special Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations. Continuing this line, Boyens has since released research and findings on criticality analysis and industry key practices for Cybersecurity SCRM. He is currently in the process of updating SP 800-161, working on software supply chain aspects of EO 14028, and leading the recently announced public-private partnership, the National Initiative for Improving Cybersecurity in Supply Chains.