Hernandez also referencedNIST Special Publication 800-161, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,”which sets the standards for ensuring the security of software through the supply chain, including maintaining inventories on the software being deployed ...