πΌ SR-8 Notification Agreements (L)(M)(H)
- Contextual name: πΌ SR-8 Notification Agreements (L)(M)(H)
- ID:
/frameworks/fedramp-high-security-controls/sr/08 - Located in: πΌ Supply Chain Risk Management
Descriptionβ
Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the [FedRAMP Assignment: notification of supply chain compromises and results of assessment or audits].
SR-8 Additional FedRAMP Requirements and Guidance:
Requirement: CSOs must ensure and document how they receive notifications from their supply chain vendor of newly discovered vulnerabilities including zero-day vulnerabilities.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/sr/08
- Internal
- ID:
dec-c-032b0601
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ SR-8 Notification Agreements |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP Low Security Controls β πΌ SR-8 Notification Agreements (L)(M)(H) | ||||
| πΌ FedRAMP Moderate Security Controls β πΌ SR-8 Notification Agreements (L)(M)(H) |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|