💼 SR-3 Supply Chain Controls and Processes (L)(M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/sr/03
Description​
a. Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of [Assignment: organization-defined system or system component] in coordination with [Assignment: organization-defined supply chain personnel];
b. Employ the following controls to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events: [Assignment: organization-defined supply chain controls]; and
c. Document the selected and implemented supply chain processes and controls in [Selection: security and privacy plans; supply chain risk management plan [Assignment: organization-defined document]].
SR-3 Additional FedRAMP Requirements and Guidance:
Requirement: CSO must document and maintain the supply chain custody, including replacement devices, to ensure the integrity of the devices before being introduced to the boundary.
Similar​
- Sections
/frameworks/fedramp-high-security-controls/sr/03
- Internal
- ID:
dec-c-e45d4a81
- ID:
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 SR-3 Supply Chain Controls and Processes (L)(M)(H) | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|