Supply Chain Risk¶

Persistently identify, review, and mitigate potential supply chain risks.

Related SP 800-53 Controls: AC-20, RA-3.1, SA-9, SA-10, SA-11, SA-15.3, SA-22, SI-7.1, SR-5, SR-6, CA-7.4, SC-18

Terms: Persistently

Third party software information resources are automatically monitored for upstream vulnerabilities using mechanisms that may include contractual notification requirements or active monitoring services.

Related SP 800-53 Controls: AC-20, CA-3, IR-6.3, PS-7, RA-5, SA-9, SI-5, SR-5, SR-6, SR-8

Terms: Information Resource, Vulnerability