
NIST Cybersecurity Professional®
NCSP® 800-161 Foundation Certificate
Build Supply Chain Resilience with the NIST SP 800‑161 Rev. 1 Framework

Course Description
Modern organisations rely on complex, globally distributed supply chains. This interconnected ecosystem introduces systemic risks that can compromise confidentiality, integrity, availability, and even national security. Managing these risks requires more than vendor questionnaires; it demands a structured, lifecycle‑driven approach aligned with NIST best practices.
The NCSP® 800‑161 Foundation Certificate is a 2‑day, instructor‑led course that provides a comprehensive introduction to NIST Special Publication 800‑161 Rev. 1: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.
This course teaches participants how to integrate Supply Chain Risk Management (SCRM) into enterprise risk programs, procurement processes, system development lifecycles, and the NIST Cybersecurity Framework (CSF) 2.0. The training emphasises practical governance, due diligence, and continuous monitoring techniques that strengthen resilience across the entire supply chain.
What You Will Learn
Participants gain foundational knowledge required to design, implement, and manage a cybersecurity supply chain risk management capability. You will learn:
- How to align SCRM practices with the NIST CSF 2.0 (Identify, Protect, Detect, Respond, Recover).
- The essential components of an organizational SCRM strategy, policy, and governance model.
- How to apply NIST 800‑161 controls and outcomes across the system lifecycle, from acquisition to disposal.
- Techniques for assessing supplier risk, evaluating criticality, and managing third‑party dependencies.
- How to integrate SCRM into procurement, contracting, and vendor oversight processes.
- Approaches for continuous monitoring, threat intelligence integration, and incident coordination involving suppliers.
Course Agenda
Day 1: SCRM Strategy, Governance & Foundational Practices
Module 1: Introduction to NIST SP 800‑161
- Understanding the evolution of SCRM guidance, its relationship to NIST CSF 2.0, and its role in modern cybersecurity.
Module 2: SCRM Governance & Policy
- Establishing organisational authority, roles, responsibilities, and resources for a formal SCRM program.
Module 3: Organisational SCRM Foundations
- Building enterprise‑level SCRM capabilities, including risk appetite, criticality analysis, and integration with ERM.
Module 4: System‑Level SCRM Integration
- Applying SCRM practices across the system lifecycle: planning, design, development, acquisition, deployment, and maintenance.
Day 2: Supplier Risk, Monitoring & Operational Integration
Module 5: Supplier Risk Assessment & Due Diligence
- Evaluating supplier trustworthiness, security posture, and dependency risk using NIST 800‑161 methods.
Module 6: Contracting & Procurement Controls
- Embedding SCRM requirements into acquisition processes, contracts, SLAs, and performance monitoring.
Module 7: Continuous Monitoring & Threat‑Informed Oversight
- Implementing ongoing supplier monitoring, intelligence‑driven risk updates, and performance validation.
Module 8: Incident Response & Supply Chain Coordination
- Managing incidents involving suppliers, coordinating with external stakeholders, and integrating lessons learned into SCRM improvements.
Learning Outcomes
Participants will be able to:
- Demonstrate how to integrate SCRM practices with the NIST Cybersecurity Framework 2.0, particularly within the Identify and Protect functions.
- Identify and describe the organisational, operational, and technical requirements for implementing NIST 800‑161 Rev. 1 controls and outcomes.
- Define the governance structures, policies, and processes required to establish a mature SCRM capability.
- Assess supplier and system‑level risks using NIST‑aligned methodologies, including criticality analysis and dependency mapping.
- Apply continuous monitoring and threat‑informed oversight to maintain supply chain resilience.
- Translate SCRM insights into actionable improvements that strengthen enterprise‑wide cybersecurity posture.
Who Should Attend?
This course is designed for professionals responsible for managing cybersecurity, procurement, or risk across complex supply chains, including:
- Cybersecurity & Risk Management Professionals
- Supply Chain Managers & Procurement Officers
- Vendor Management & Third‑Party Risk Teams
- Systems Engineers & Architects
- Compliance, Audit, and Governance Personnel
- Program & Project Managers overseeing technology acquisition
Prerequisites
There are no formal prerequisites for this Foundation‑level course, though a basic understanding of cybersecurity concepts and the NIST CSF is recommended.
Participants are provided with:
- NIST Cybersecurity Professional® (NCSP®) 800-161 Foundation Certificate courseware including links to further reading and resources.
- NIST Cybersecurity Professional® (NCSP®) 800-161 Foundation Certificate, Certificate of Completion.
- NIST Cybersecurity Professional® (NCSP®) 800-161 Foundation Certificate digital badge.
Enrol Today
Gain the knowledge to build and manage a NIST‑aligned Cybersecurity Supply Chain Risk Management (C‑SCRM) programme that strengthens supplier assurance.

Further Reading
NIST 800-161 Rev 1 - Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1-upd1.pdf
