💼 SR-5 Acquisition Strategies, Tools, and Methods

  • Contextual name: 💼 SR-5 Acquisition Strategies, Tools, and Methods
  • ID: /frameworks/nist-sp-800-53-r5/sr/05
  • Located in: 💼 SR Supply Chain Risk Management

Description

Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: [Assignment: organization-defined acquisition strategies, contract tools, and procurement methods].

Similar

  • Internal
    • ID: dec-c-76f7bc16

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 SR-5 Acquisition Strategies, Tools, and Methods (L)(M)(H)
💼 FedRAMP Low Security Controls → 💼 SR-5 Acquisition Strategies, Tools, and Methods (L)(M)(H)
💼 NIST CSF v2.0 → 💼 GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered 7
💼 NIST CSF v2.0 → 💼 GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated 4
💼 NIST CSF v2.0 → 💼 GV.SC-05: Requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties
💼 NIST CSF v2.0 → 💼 GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
💼 NIST CSF v2.0 → 💼 GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle
💼 NIST CSF v2.0 → 💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
💼 NIST CSF v2.0 → 💼 ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles 3
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations 10
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties 23
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities 24
💼 NIST CSF v2.0 → 💼 ID.RA-09: The authenticity and integrity of hardware and software are assessed prior to acquisition and use

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SR-5(1) Acquisition Strategies, Tools, and Methods _ Adequate Supply
💼 SR-5(2) Acquisition Strategies, Tools, and Methods _ Assessments Prior to Selection, Acceptance, Modification, or Update