|
controlPM-30
Supply Chain Risk Management Strategy (PM-30)
Develop an organization-wide strategy for managing supply chain risks associated with the development, acquisition, maintenance, and disposal of systems, system components, and system services; Implement the supply chain risk management strategy consistently across the organization; and Review and update the supply chain risk management strategy on [organization-defined] or as required, to address organizational changes.
program-managementgovernancestrategy
Why These Connect
Supports20
These related controls work together — a change to one may affect the others.
Enhances1
These enhancements add specific capabilities or refinements to the base control.
Related Controls(15)
CM-10Software Usage Restrictions (CM-10)
LMH
PM-1Information Security Program Plan (PM-1)PM-9Risk Management Strategy (PM-9)SR-1Policy and Procedures (SR-1)LMH
SR-2Supply Chain Risk Management Plan (SR-2)LMH
SR-3Supply Chain Controls and Processes (SR-3)LMH
SR-4Provenance (SR-4)SR-5Acquisition Strategies, Tools, and Methods (SR-5)LMH
SR-6Supplier Assessments and Reviews (SR-6)MH
SR-7Supply Chain Operations Security (SR-7)SR-8Notification Agreements (SR-8)LMH
SR-9Tamper Resistance and Detection (SR-9)H
SR-11Component Authenticity (SR-11)LMH
SA-24Design For Cyber Resiliency (SA-24)SR-10Inspection of Systems or Components (SR-10)LMH