// Level 3 · Controls

Supply Chain Risk Management

NIST SP 800-53 Rev 5 Supply Chain Risk Management controls.

SR-01 · Medium

Policy and Procedures

Develop, document, and disseminate to [parameter]:

SR-02 · Medium

Supply Chain Risk Management Plan

Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of the following systems, system components or system services: [parameter];

SR-03 · Medium

Supply Chain Controls and Processes

Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of [parameter] in coordination with [parameter];

SR-04 · Medium

Provenance

Document, monitor, and maintain valid provenance of the following systems, system components, and associated data: [parameter].

SR-05 · Medium

Acquisition Strategies, Tools, and Methods

Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: [parameter].

SR-06 · Medium

Supplier Assessments and Reviews

Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide [parameter].

SR-07 · Medium

Supply Chain Operations Security

Employ the following Operations Security (OPSEC) controls to protect supply chain-related information for the system, system component, or system service: [parameter].

SR-08 · Medium

Notification Agreements

Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the [parameter].

SR-09 · Medium

Tamper Resistance and Detection

Implement a tamper protection program for the system, system component, or system service.

SR-10 · Medium

Inspection of Systems or Components

Inspect the following systems or system components [parameter] to detect tampering: [parameter].

SR-11 · Medium

Component Authenticity

Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and

SR-12 · Medium

Component Disposal

Dispose of [parameter] using the following techniques and methods: [parameter].