|

controlSR-2

Supply Chain Risk Management Plan (SR-2)

Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of the following systems, system components or system services: [organization-defined]; Review and update the supply chain risk management plan [organization-defined] or as required, to address threat, organizational or environmental changes; and Protect the supply chain risk management plan from unauthori

Security Baselines

LOWMODERATEHIGH

supply-chainacquisitionthird-partyrisk

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports28

These related controls work together — a change to one may affect the others.

Mitigates1

This control helps defend against or reduce the risk of the linked threat technique.

Enhances1

These enhancements add specific capabilities or refinements to the base control.

Related Controls(16)

CA-2Control Assessments (CA-2)

CP-4Contingency Plan Testing (CP-4)

MA-6Timely Maintenance (MA-6)

PE-16Delivery and Removal (PE-16)

PL-2System Security and Privacy Plans (PL-2)

PM-1Information Security Program Plan (PM-1)PM-9Risk Management Strategy (PM-9)PM-30Supply Chain Risk Management Strategy (PM-30)PM-31Continuous Monitoring Strategy (PM-31)RA-7Risk Response (RA-7)

SA-8Security and Privacy Engineering Principles (SA-8)

SI-12Information Management and Retention (SI-12)

IR-4Incident Handling (IR-4)

MA-2Controlled Maintenance (MA-2)

RA-3Risk Assessment (RA-3)

SI-4System Monitoring (SI-4)

Threat Coverage(1 ATT&CK techniques)

T1195Supply Chain Compromise

Control Enhancements(1)

SR-2(1)Establish SCRM Team (SR-2(1))

See Also

@SP 800-53 Overview ⚖Compare Baselines