|

controlSR-1

Policy and Procedures (SR-1)

Develop, document, and disseminate to [organization-defined]: Designate an [organization-defined] to manage the development, documentation, and dissemination of the supply chain risk management policy and procedures; and Review and update the current supply chain risk management:

Security Baselines

LOWMODERATEHIGH

supply-chainacquisitionthird-partyrisk

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports6

These related controls work together — a change to one may affect the others.

Mitigates1

This control helps defend against or reduce the risk of the linked threat technique.

Related Controls(4)

PM-9Risk Management Strategy (PM-9)PM-30Supply Chain Risk Management Strategy (PM-30)PS-8Personnel Sanctions (PS-8)

SI-12Information Management and Retention (SI-12)

Threat Coverage(1 ATT&CK techniques)

T1195Supply Chain Compromise

See Also

@SP 800-53 Overview ⚖Compare Baselines