We recommend that the CIO review applicable NIST documentation and update the related SCRM policies and strategy accordingly while also ensuring leadership with SCRM roles and responsibilities perform a thorough review of the policy.