|
controlSR-5
Acquisition Strategies, Tools, and Methods (SR-5)
Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: [organization-defined].
Security Baselines
LOWMODERATEHIGH
supply-chainacquisitionthird-partyrisk
Why These Connect
Baselined In3
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports33
These related controls work together — a change to one may affect the others.
Mitigates1
This control helps defend against or reduce the risk of the linked threat technique.
Enhances2
These enhancements add specific capabilities or refinements to the base control.
Related Controls(19)
AT-3Role-based Training (AT-3)
LMH
CA-8Penetration Testing (CA-8)H
PM-30Supply Chain Risk Management Strategy (PM-30)RA-9Criticality Analysis (RA-9)MH
SA-2Allocation of Resources (SA-2)LMH
SA-3System Development Life Cycle (SA-3)LMH
SA-4Acquisition Process (SA-4)LMH
SA-8Security and Privacy Engineering Principles (SA-8)LMH
SA-9External System Services (SA-9)LMH
SA-10Developer Configuration Management (SA-10)MH
SA-11Developer Testing and Evaluation (SA-11)MH
SA-15Development Process, Standards, and Tools (SA-15)MH
SA-24Design For Cyber Resiliency (SA-24)SI-7Software, Firmware, and Information Integrity (SI-7)MH
SA-5System Documentation (SA-5)LMH
SR-6Supplier Assessments and Reviews (SR-6)MH
SR-9Tamper Resistance and Detection (SR-9)H
SR-10Inspection of Systems or Components (SR-10)LMH
SR-11Component Authenticity (SR-11)LMH