Supply Chain Risk Management Plan (SR-2)

Description: In-depth, comprehensive, professionally developed Supply Chain Risk Management Plan that includes measures relating to all aspects of supply chain measures as required by SR-2 of NIST SP 800-53, Revision 5. 

The Supply Chain Risk Management Plan includes the following sections:

• Supply Chain Risk Management Policy and Procedures [NIST SR-1]
• Supply Chain Risk Management Plan [NIST SR-2]
• Supply Chain Controls and Processes [NIST SR-3]
• Provenance [NIST SR-4]
• Acquisition Strategies, Tools, and Methods [NIST SR-5]
• Supplier Assessments and Reviews [NIST SR-6]
• Supply Chain Operations Security [NIST SR-7]
• Notification Agreements [NIST SR-8]
• Tamper Resistance and Detection [NIST SR-9]
• Inspection of System Components [NIST SR-10]
• Component Authenticity [NIST SR-11]
• Component Disposal [NIST SR-12]
• Diversification of Supplier Base
• Attack Surface Area Reduction
• Risk Assessments
• Supply Chain Visibility 
• Third-Party Risk Management
• Collaboration with Security and Privacy
• Continuous Monitoring
• Awareness and Training
• Incident Response
• Awareness & Accountability

Specifications: Developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), and other related security control frameworks, where applicable.

Control Family: Supply Chain Risk Management (SR).

Control Mapping: SR-2.

Security Control Baseline Coverage: Includes coverage for all LOW, MOD, and HIGH Baselines, per NIST SP 800-53B (12-10-2020).

Direct Compliance Use: FISMA, FedRAMP, NISP eMASS RMF, and other related NIST RMF reporting requirements for security and privacy. Can be used for mapping to DFARS NIST 800-171 and CMMC controls, where applicable.

Format: MS Word document (.docx).

Length: 18 pages.