NIST SP 1326 and Penzzer
NIST SP 1326 gives acquirers a structured method for investigating ICT supplier and product risk before and during a commercial relationship. Its scope extends well beyond technical testing, covering FOCI, provenance, organisational resilience, cyber practices, and multi-tier supply chains. For that reason, Penzzer should not be presented as satisfying the publication in its entirety. Its strongest role is more specific and more valuable: Penzzer supplies independent, repeatable, product-level evidence for the technical portions of due diligence.




