Supply Chain Risk Management (SR)

Establish and maintain unique identification of the following supply chain elements, processes, and personnel associated with the identified system and critical system components: [Assignment: organization-defined supply chain elements, processes, and personnel associated with organization-defined systems and critical system components].

Login

Supply Chain Risk Management (SR)

Establish and maintain unique identification of the following systems and critical system components for tracking through the supply chain: [Assignment: organization-defined systems and critical system components].

Login

Supply Chain Risk Management (SR)

Employ the following controls to validate that the system or system component received is genuine and has not been altered: [Assignment: organization-defined controls].

Login

Supply Chain Risk Management (SR)

Employ [Assignment: organization-defined controls] and conduct [Assignment: organization-defined analysis] to ensure the integrity of the system and system components by validating the internal composition and provenance of critical or mission-essential technologies, products, and services.

Login

Supply Chain Risk Management (SR)

Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: [Assignment: organization-defined acquisition strategies, contract tools, and procurement methods].

Login

Supply Chain Risk Management (SR)

Employ the following controls to ensure an adequate supply of [Assignment: organization-defined critical system components]: [Assignment: organization-defined controls].

Login

Supply Chain Risk Management (SR)

Assess the system, system component, or system service prior to selection, acceptance, modification, or update.

Login

Supply Chain Risk Management (SR)

Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide [Assignment: organization-defined frequency].

Login

Supply Chain Risk Management (SR)

Employ [Selection (one or more): organizational analysis; independent third-party analysis; organizational testing; independent third-party testing] of the following supply chain elements, processes, and actors associated with the system, system component, or system service: [Assignment: organization-defined supply chain elements, processes, and actors].

Login

Supply Chain Risk Management (SR)

Employ the following Operations Security (OPSEC) controls to protect supply chain-related information for the system, system component, or system service: [Assignment: organization-defined Operations Security (OPSEC) controls].

Login