Supply Chain Risk¶

Persistently identify, review, and mitigate potential supply chain risks.

Related SP 800-53 Controls: AC-20, RA-03 (01), SA-09, SA-10, SA-11, SA-15 (03), SA-22, SI-07 (01), SR-05, SR-06, CA-07 (04), SC-18

Terms: Persistently

Third party software information resources are automatically monitored for upstream vulnerabilities using mechanisms that may include contractual notification requirements or active monitoring services.

Related SP 800-53 Controls: AC-20, CA-03, IR-06 (03), PS-07, RA-05, SA-09, SI-05, SR-05, SR-06, SR-08

Terms: Information Resource, Vulnerability