2.4 KiB
| implementation-status | control-origination | |||||
|---|---|---|---|---|---|---|
|
|
ra-3.1 - [catalog] Supply Chain Risk Assessment
Control Statement
-
[a] Assess supply chain risks associated with systems, system components, and system services ; and
-
[b] Update the supply chain risk assessment frequency , when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain.
Control guidance
Supply chain-related events include disruption, use of defective components, insertion of counterfeits, theft, malicious development practices, improper delivery practices, and insertion of malicious code. These events can have a significant impact on the confidentiality, integrity, or availability of a system and its information and, therefore, can also adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation. The supply chain-related events may be unintentional or malicious and can occur at any point during the system life cycle. An analysis of supply chain risk can help an organization identify systems or components for which additional supply chain risk mitigations are required.
Control assessment-objective
supply chain risks associated with systems, system components, and system services are assessed; the supply chain risk assessment is updated frequency , when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain.
What is the solution and how is it implemented?
Implementation (a)
Add control implementation description here for item ra-3.1_smt.a
Implementation (b)
Add control implementation description here for item ra-3.1_smt.b