Jon Boyens is the Deputy Chief of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). His responsibilities include Cybersecurity Research and Development at NIST and Cybersecurity Standards and Guidelines for Federal Agency Security Programs. He also leads NIST’s Cyber Supply Chain Risk Management (C-SCRM) Program, helps develop and coordinate the Department of Commerce's cybersecurity policy among the Department’s bureaus, and represents the Department in the Administration’s interagency cybersecurity policy process. Boyens has worked on various White House-led initiatives, including those on trusted identities, botnets, the Cybersecurity Framework and Roadmap, telecommunications supply chain, software supply chain, and government-wide implementation of the Federal Acquisition Supply Chain Security Act, serving as NIST’s principal to the Federal Acquisition Security Council.

Since 2010, Boyens has conducted research to identify, evaluate and develop technologies, tools, techniques, practices, and standards needed to enable organizations to manage supply chain risk. Building on this research, he led a team to develop and issue a set of foundational, standardized, repeatable, and feasible practices to help organizations manage cyber supply chain risks to their organizations and systems. These practices were initially released in 2015 and updated in May 2022 as NIST Special Publication 800-161 Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. Continuing this line, Boyens has also released research and findings on criticality analysis and industry key practices for Cybersecurity SCRM. He is currently working on software supply chain aspects of EO 14028, Open Source Software, and leading NIST’s public-private partnership, the National Initiative for Improving Cybersecurity in Supply Chains.