zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-03 00:12:16 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/sr-3.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

3.3 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

sr-3 - [catalog] Supply Chain Controls and Processes

Control Statement

  • [a] Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of system or system component in coordination with supply chain personnel;

  • [b] Employ the following controls to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events: supply chain controls ; and

  • [c] Document the selected and implemented supply chain processes and controls in No value found.

Control guidance

Supply chain elements include organizations, entities, or tools employed for the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of systems and system components. Supply chain processes include hardware, software, and firmware development processes; shipping and handling procedures; personnel security and physical security programs; configuration management tools, techniques, and measures to maintain provenance; or other programs, processes, or procedures associated with the development, acquisition, maintenance and disposal of systems and system components. Supply chain elements and processes may be provided by organizations, system integrators, or external providers. Weaknesses or deficiencies in supply chain elements or processes represent potential vulnerabilities that can be exploited by adversaries to cause harm to the organization and affect its ability to carry out its core missions or business functions. Supply chain personnel are individuals with roles and responsibilities in the supply chain.

Control assessment-objective

a process or processes is/are established to identify and address weaknesses or deficiencies in the supply chain elements and processes of system or system component; the process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of system or system component is/are coordinated with supply chain personnel; supply chain controls are employed to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events; the selected and implemented supply chain processes and controls are documented in No value found.

What is the solution and how is it implemented?

Implementation a.

Add control implementation description here for item sr-3_smt.a

Implementation b.

Add control implementation description here for item sr-3_smt.b

Implementation c.

Add control implementation description here for item sr-3_smt.c