1.8 KiB
| implementation-status | control-origination | |||||
|---|---|---|---|---|---|---|
|
|
sr-6 - [catalog] Supplier Assessments and Reviews
Control Statement
Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide frequency.
Control guidance
An assessment and review of supplier risk includes security and supply chain risk management processes, foreign ownership, control or influence (FOCI), and the ability of the supplier to effectively assess subordinate second-tier and third-tier suppliers and contractors. The reviews may be conducted by the organization or by an independent third party. The reviews consider documented processes, documented controls, all-source intelligence, and publicly available information related to the supplier or contractor. Organizations can use open-source information to monitor for indications of stolen information, poor development and quality control practices, information spillage, or counterfeits. In some cases, it may be appropriate or required to share assessment and review results with other organizations in accordance with any applicable rules, policies, or inter-organizational agreements or contracts.
Control assessment-objective
the supply chain-related risks associated with suppliers or contractors and the systems, system components, or system services they provide are assessed and reviewed frequency.
What is the solution and how is it implemented?
Add control implementation description here for control sr-6