πΌ SR-3 Supply Chain Controls and Processes (L)(M)(H)
- Contextual name: πΌ SR-3 Supply Chain Controls and Processes (L)(M)(H)
- ID:
/frameworks/fedramp-low-security-controls/sr/03 - Located in: πΌ Supply Chain Risk Management
Descriptionβ
a. Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of [Assignment: organization-defined system or system component] in coordination with [Assignment: organization-defined supply chain personnel];
b. Employ the following controls to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events: [Assignment: organization-defined supply chain controls]; and
c. Document the selected and implemented supply chain processes and controls in [Selection: security and privacy plans; supply chain risk management plan [Assignment: organization-defined document]].
SR-3 Additional FedRAMP Requirements and Guidance:
Requirement: CSO must document and maintain the supply chain custody, including replacement devices, to ensure the integrity of the devices before being introduced to the boundary.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/sr/03/frameworks/fedramp-high-security-controls/sr/03
- Internal
- ID:
dec-c-e45d4a81
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ SR-3 Supply Chain Controls and Processes (L)(M)(H) | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ SR-3 Supply Chain Controls and Processes | 3 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|