Include the scope in the supply chain risk management policy.

Back

CONTROL ID
14707

CONTROL TYPE
Establish/Maintain Documentation

CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Establish, implement, and maintain a supply chain risk management policy., CC ID: 14663

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), FedRAMP Security Controls High Baseline, Version 5)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), FedRAMP Security Controls Low Baseline, Version 5)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), FedRAMP Security Controls Moderate Baseline, Version 5)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
C-SCRM requires accountability, commitment, oversight, direct involvement, and ongoing support from senior leaders and executives. Enterprises should ensure that C-SCRM roles and responsibilities are defined for senior leaders who participate in supply chain activities (e.g., acquisition and procure… (2.3.2. ¶ 4, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SR-1a.1(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)