Reporting Requirements
Per SR-2 of NIST SP 800-53, organizations are to “Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of the following systems, system components or system services…”
As a federal contractor supporting the DoD, or any other government agency, you need a Supply Chain Risk Management Plan.
As a federal contractor supporting the DoD, or any other government agency, you need a Supply Chain Risk Management Plan.
Key Elements of a Successful Supply Chain Risk Management Plan
Per NIST SP 800-53, “Because supply chains can differ significantly across and within organizations, SCRM plans are tailored to the individual program, organizational, and operational contexts. Tailored SCRM plans provide the basis for determining whether a technology, service, system component, or system is fit for purpose, and as such, the controls need to be tailored accordingly. As such, a meaningful - and successful - supply chain risk management plan comes down to (1). Scoping. (2). Planning. And (3). Execution.
How to Get Started
Start by downloading our world-class NIST RMF Security and Privacy Policies and Procedures templates at the Arlington Security Portal (ASP).
