What does the NCSP® 800-161 Awareness course cover?

It introduces NIST SP 800-161 and the principles of cybersecurity supply chain risk management, including supplier risk identification and lifecycle integration.

Who is this course for?

Procurement teams, risk managers, security professionals, and anyone involved in supplier assurance.

Do I receive certification?

Yes. The NCSP® 800-161 Awareness Certificate is issued upon completion.

NIST Cybersecurity Professional®
NCSP® 800-161 Awareness Certificate

Build Awareness of NIST SP 800‑161: Cybersecurity Supply Chain Risk Management

NIST Cybersecurity Professional®

NCSP® 800-161 Awareness Certificate

Course Description

NIST Special Publication 800‑161, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, provides comprehensive guidance for identifying, assessing, and managing cybersecurity risks throughout the supply chain. It supports organisations in protecting systems, components, and services acquired from external providers.

The NCSP® 800‑161 Awareness Certificate is a half‑day, instructor‑led course offering a concise introduction to the purpose, structure, and strategic value of NIST SP 800‑161. Designed for executives, managers, procurement teams, and stakeholders, this course explains how supply‑chain cybersecurity risks emerge, how they impact organisational resilience, and how 800‑161 provides a structured approach to managing them, without requiring technical or assessor‑level expertise.

Participants gain a high‑level understanding of C‑SCRM concepts, organisational roles, risk processes, and how 800‑161 integrates with CSF 2.0, RMF (800‑37), 800‑53, and broader digital trust frameworks.

What You Will Learn

Participants gain essential awareness‑level knowledge of NIST SP 800‑161. You will learn:

The purpose, scope, and evolution of NIST SP 800‑161.
How cybersecurity supply‑chain risks emerge and propagate.
Key C‑SCRM concepts, including suppliers, integrators, developers, and service providers.
The structure of the 800‑161 controls and organisational practices.
Roles and responsibilities across procurement, security, and governance.
How 800‑161 aligns with CSF 2.0, RMF, 800‑53, and federal supply‑chain requirements.

Course Agenda

Module 1: Introduction to NIST SP 800‑161 & Cybersecurity Supply Chain Risk Management

A high‑level overview of NIST SP 800‑161, its purpose, and its role in managing cybersecurity risks across the supply chain. Introduces key C‑SCRM concepts, risk sources, and the importance of supply‑chain assurance.

Module 2: Structure of the 800‑161 Controls & C‑SCRM Practices

An awareness‑level introduction to the organisation of the 800‑161 controls and practices, including:
- C‑SCRM control families
- Integration with NIST SP 800‑53 controls
- Organisational, operational, and technical practices
Explains how organisations use these elements to build a resilient supply‑chain security programme.

Module 3: Roles, Responsibilities & Governance for Supply‑Chain Security

A concise overview of key roles involved in C‑SCRM, including procurement teams, system owners, security managers, risk executives, and suppliers. Covers governance structures that support accountability, due diligence, contract requirements, and continuous monitoring.

Module 4: Applying NIST 800‑161 in Practice - Alignment, Use Cases & Continuous Improvement

An introduction to how organisations apply 800‑161 in real‑world environments. Covers alignment with CSF 2.0, RMF (800‑37), 800‑53 controls, federal acquisition requirements, and sector‑specific supply‑chain mandates.

Learning Outcomes

Participants will be able to:

Describe the purpose and structure of NIST SP 800‑161.
Explain key C‑SCRM concepts and why supply‑chain security matters.
Understand the structure of 800‑161 controls and practices at an awareness level.
Recognise key roles and responsibilities in supply‑chain cybersecurity.
Identify how 800‑161 aligns with CSF 2.0, RMF, 800‑53, and federal requirements.
Communicate the strategic value of supply‑chain risk management to stakeholders and teams.

Who Should Attend?

This course is designed for professionals who need a foundational understanding of cybersecurity supply‑chain risk, including:

Executives & Senior Leaders
Procurement & Vendor Management Teams
Business & System Owners
Governance, Risk & Compliance (GRC) Stakeholders
Programme & Project Managers
Security & Privacy Managers
Anyone seeking an introduction to C‑SCRM principles

Prerequisites

There are no prerequisites for this Awareness‑level course. No technical background is required.

Participants are provided with:

NIST Cybersecurity Professional® (NCSP®) 800-161 Awareness Certificate courseware including links to further reading and resources.
NIST Cybersecurity Professional® (NCSP®) 800-161 Awareness Certificate, Certificate of Completion.
NIST Cybersecurity Professional® (NCSP®) 800-161 Awareness Certificate digital badge.

Enrol Today

This NCSP 800‑161 Awareness course provides students with an essential understanding of cybersecurity supply‑chain risks and the C‑SCRM practices defined in NIST SP 800‑161.