The agency has spent years revising guidance for organizations to address vulnerabilities presented by vendors of software and other enterprise suppliers.
Article Link: https://www.nextgov.com/cybersecurity/2022/05/nists-supply-chain-security-guidance-tells-agencies-look-fedramp-first/366564/