💼 SR-2 Supply Chain Risk Management Plan

  • Contextual name: 💼 SR-2 Supply Chain Risk Management Plan
  • ID: /frameworks/nist-sp-800-53-r5/sr/02
  • Located in: 💼 SR Supply Chain Risk Management

Description

a. Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of the following systems, system components or system services: [Assignment: organization-defined systems, system components, or system services];
b. Review and update the supply chain risk management plan [Assignment: organization-defined frequency] or as required, to address threat, organizational or environmental changes; and
c. Protect the supply chain risk management plan from unauthorized disclosure and modification.

Similar

  • Internal
    • ID: dec-c-e25d0f35

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 SR-2 Supply Chain Risk Management Plan (L)(M)(H) 1
💼 FedRAMP Low Security Controls → 💼 SR-2 Supply Chain Risk Management Plan (L)(M)(H) 1
💼 NIST CSF v2.0 → 💼 GV.RM-01: Risk management objectives are established and agreed to by organizational stakeholders
💼 NIST CSF v2.0 → 💼 GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes
💼 NIST CSF v2.0 → 💼 GV.RM-04: Strategic direction that describes appropriate risk response options is established and communicated
💼 NIST CSF v2.0 → 💼 GV.SC-01: A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders
💼 NIST CSF v2.0 → 💼 GV.SC-02: Cybersecurity roles and responsibilities for suppliers, customers, and partners are established, communicated, and coordinated internally and externally
💼 NIST CSF v2.0 → 💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes 7
💼 NIST CSF v2.0 → 💼 GV.SC-08: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities 1
💼 NIST CSF v2.0 → 💼 GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle
💼 NIST CSF v2.0 → 💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
💼 NIST CSF v2.0 → 💼 ID.AM-04: Inventories of services provided by suppliers are maintained
💼 NIST CSF v2.0 → 💼 ID.IM-04: Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved 3

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SR-2(1) Supply Chain Risk Management Plan _ Establish SCRM Team