Description: In-depth, comprehensive, professionally developed Supply Chain Risk Management Plan that covers all aspects of supply chain measures as required by SR-2 of NIST SP 800-53, Revision 5.
The Supply Chain Risk Management Plan includes the following sections:
Supply Chain Risk Management Policy and Procedures [NIST SR-1]
Supply Chain Risk Management Plan [NIST SR-2]
Supply Chain Controls and Processes [NIST SR-3]
Provenance [NIST SR-4]
Acquisition Strategies, Tools, and Methods [NIST SR-5]
Supplier Assessments and Reviews [NIST SR-6]
Supply Chain Operations Security [NIST SR-7]
Notification Agreements [NIST SR-8]
Tamper Resistance and Detection [NIST SR-9]
Inspection of System Components [NIST SR-10]
Component Authenticity [NIST SR-11]
Component Disposal [NIST SR-12]
Diversification of Supplier Base
Attack Surface Area Reduction
Supply Chain Visibility
Third-Party Risk Management
Collaboration with Security and Privacy
Awareness and Training
Awareness & Accountability
Specifications: Developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), and other related security control frameworks, where applicable.
Control Family: Supply Chain Risk Management (SR).
Security Control Baseline Coverage: Includes coverage for all LOW, MOD, and HIGH Baselines, per NIST SP 800-53B (12-10-2020).
Direct Compliance Use: FISMA, FedRAMP, NISP eMASS RMF, and other related NIST RMF reporting requirements for security and privacy. Can be used for mapping to DFARS NIST 800-171 and CMMC controls, where applicable.