Supply Chain Risk Management Plan (SR-2)

Have Questions?
Talk to an ASP Expert at 703-254-3202

Description: In-depth, comprehensive, professionally developed Supply Chain Risk Management Plan that includes measures relating to all aspects of supply chain measures as required by SR-2 of NIST SP 800-53, Revision 5. 

The Supply Chain Risk Management Plan includes the following sections:

  • Supply Chain Risk Management Policy and Procedures [NIST SR-1]
  • Supply Chain Risk Management Plan [NIST SR-2]
  • Supply Chain Controls and Processes [NIST SR-3]
  • Provenance [NIST SR-4]
  • Acquisition Strategies, Tools, and Methods [NIST SR-5]
  • Supplier Assessments and Reviews [NIST SR-6]
  • Supply Chain Operations Security [NIST SR-7]
  • Notification Agreements [NIST SR-8]
  • Tamper Resistance and Detection [NIST SR-9]
  • Inspection of System Components [NIST SR-10]
  • Component Authenticity [NIST SR-11]
  • Component Disposal [NIST SR-12]
  • Diversification of Supplier Base
  • Attack Surface Area Reduction
  • Risk Assessments
  • Supply Chain Visibility 
  • Third-Party Risk Management
  • Collaboration with Security and Privacy
  • Continuous Monitoring
  • Awareness and Training
  • Incident Response
  • Awareness & Accountability

Specifications: Developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), and other related security control frameworks, where applicable.

Control Family: Supply Chain Risk Management (SR).

Control Mapping: SR-2.

Security Control Baseline Coverage: Includes coverage for all LOW, MOD, and HIGH Baselines, per NIST SP 800-53B (12-10-2020).

Direct Compliance Use: FISMA, FedRAMP, NISP eMASS RMF, and other related NIST RMF reporting requirements for security and privacy. Can be used for mapping to DFARS NIST 800-171 and CMMC controls, where applicable.

Format: MS Word document (.docx).

Length: 18 pages.

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.


What Our Customers Are Saying


Companies Who Trust Us