Reporting Requirements
Per NIST SP 800-53, “The SCRM plan (at the system-level) is implementation specific, providing policy implementation, requirements, constraints and implications. It can either be stand-alone, or incorporated into system security and privacy plans. The SCRM plan addresses managing, implementation, and monitoring of SCRM controls and the development/sustainment of systems across the SDLC to support mission and business functions.”
Specifically, Per SR-2 of NIST SP 800-53, organizations are to “Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing…”. The keyword here is “develop”, which means you need a policy and procedure for SR-R.
Specifically, Per SR-2 of NIST SP 800-53, organizations are to “Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing…”. The keyword here is “develop”, which means you need a policy and procedure for SR-R.
How to Get Started
Start by downloading our world-class NIST RMF Security and Privacy Policies and Procedures templates at the Arlington Security Portal (ASP).
