Back

Disseminate and communicate the supply chain risk management policy to all interested personnel and affected parties.


CONTROL ID
14662
CONTROL TYPE
Communicate
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a supply chain risk management policy., CC ID: 14663

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., FedRAMP Security Controls High Baseline, Version 5)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., FedRAMP Security Controls Low Baseline, Version 5)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., FedRAMP Security Controls Moderate Baseline, Version 5)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • The C-SCRM process should be carried out across the three risk management levels with the overall objective of continuous improvement of the enterprise's risk-related activities and effective inter- and intra-level communication, thus integrating both strategic and tactical activities among all stak… (2.3.1. ΒΆ 5, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • [Selection (one or more): organization-level; mission/business process-level; system-level] supply chain risk management policy that: (SR-1a.1., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)