Mechanisms exist to publish integrity verification information for software releases.
Mechanisms exist to archive software releases and all of their components (e.g., code, package files, third-party libraries, documentation) to maintain integrity verification information.
Mechanisms exist to escrow source code and supporting documentation to ensure software availability in the event the software provider goes out of business or is unable to provide support.
Mechanisms exist to facilitate the implementation of third-party management controls.
Mechanisms exist to maintain a current, accurate and complete list of External Service Providers (ESPs) that can potentially impact the Confidentiality, Integrity, Availability and/or Safety (CIAS) of the organization's systems, applications, services and data.
Mechanisms exist to identify, prioritize and assess suppliers and partners of critical systems, components and services using a supply chain risk assessment process relative to their importance in supporting the delivery of high-value services.
Mechanisms exist to evaluate security risks associated with the services and product supply chain.
Mechanisms exist to utilize tailored acquisition strategies, contract tools and procurement methods for the purchase of unique systems, system components or services.
Mechanisms exist to utilize security safeguards to limit harm from potential adversaries who identify and target the organization's supply chain.
Mechanisms exist to address identified weaknesses or deficiencies in the security of the supply chain.