In response to the impact of the coronavirus on the global supply chain, the National Institute of Standards and Technology (NIST) has developed a prototype tool that measures an organization’s vulnerability to cyber supply chain (IT, cyber and digital supply networks) risks.

The tool, called the Cyber Supply Chain Risk Management (C-SCRM) Interdependency Tool, breaks down an organization’s projects, products and suppliers into so-called “nodes,” which are ranked according to their importance based on an examination of each node’s metrics — for instance, the level of access a node has to the organization’s IT network, data and physical facilities.

According to the NIST, determining the nodes most important to an organization’s supply chain enables visibility to understand what impact a disruption within a specific node might mean for the organization. As such, organizations could potentially use that data to take risk-mitigating steps, thereby reducing the impact of a disruption to the organization’s supply chain.

The tool is intended as a complement to other existing tools for measuring supply chain risk including enterprise resource planning, third party management and supply chain management efforts.

The NIST is calling for comments on the tool to help further develop future iterations of the software.

To contact the author of this article, email