Supply Chain Risk
A secure cloud service offering will understand, monitor, and manage supply chain risks from third-party information resources.
Mitigating Supply Chain Risk
KSI-SCR-MIT
Former ID: KSI-TPR-03
Changelog:
- 2026-02-04: Renamed theme to Supply Chain Risk; removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.
Persistently identify, review, and mitigate potential supply chain risks.
Related SP 800-53 Controls: AC-20, RA-3.1, SA-9, SA-10, SA-11, SA-15.3, SA-22, SI-7.1, SR-5, SR-6, CA-7.4, SC-18
Terms: Persistently
Monitoring Supply Chain Risk
KSI-RSC-MON
Former ID: KSI-TPR-04
Changelog:
- 2026-02-04: Renamed theme to Supply Chain Risk; removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.
Automatically monitor third-party software information resources for upstream vulnerabilities using mechanisms that may include contractual notification requirements or active monitoring services.
Related SP 800-53 Controls: AC-20, CA-3, IR-6.3, PS-7, RA-5, SA-9, SI-5, SR-5, SR-6, SR-8
Terms: Information Resource, Vulnerability