
💼 SR-5 Acquisition Strategies, Tools, and Methods

  • Contextual name: 💼 SR-5 Acquisition Strategies, Tools, and Methods
  • ID: /frameworks/nist-sp-800-53-r5/sr/05
  • Located in: 💼 SR Supply Chain Risk Management

Description

Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: [Assignment: organization-defined acquisition strategies, contract tools, and procurement methods].

Similar

  • Internal
    • ID: dec-c-76f7bc16

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 SR-5 Acquisition Strategies, Tools, and Methods (L)(M)(H)
💼 FedRAMP Low Security Controls → 💼 SR-5 Acquisition Strategies, Tools, and Methods (L)(M)(H)
💼 NIST CSF v2.0 → 💼 GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered   7
💼 NIST CSF v2.0 → 💼 GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated   3
💼 NIST CSF v2.0 → 💼 GV.SC-05: Requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties
💼 NIST CSF v2.0 → 💼 GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
💼 NIST CSF v2.0 → 💼 GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle
💼 NIST CSF v2.0 → 💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
💼 NIST CSF v2.0 → 💼 ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles   21
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations   20
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties   33
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities   34
💼 NIST CSF v2.0 → 💼 ID.RA-09: The authenticity and integrity of hardware and software are assessed prior to acquisition and use   4

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SR-5(1) Acquisition Strategies, Tools, and Methods _ Adequate Supply
💼 SR-5(2) Acquisition Strategies, Tools, and Methods _ Assessments Prior to Selection, Acceptance, Modification, or Update