Book:Comprehensive Guide to Developing and Implementing a Cybersecurity Plan/A simplified description of NIST Special Publication 800-53 controls, with ties to LIMSpec/Supply chain risk management

From LIMSWiki
Revision as of 19:01, 21 March 2023 by Shawndouglas (talk | contribs) (Created as needed.)

Appendix 1.20 Supply chain risk management

The set of SR controls is largely aimed at the organization level rather than at the information system. As such, these controls have no LIMSpec parallels and are not discussed in detail here. That said, NIST notes that supply chain risk management (SCRM) activities "include identifying and assessing risks" based on the organization's "dependence on products, systems, and services from external providers, as well as the nature of the relationships with those providers." SCRM activities also include "determining appropriate risk response actions [to supply chain risk], developing SCRM plans to document response actions, and monitoring performance against plans." The first control, SR-1, is included here. For more on these controls, consult pages 363–73 of NIST SP 800-53, Rev. 5.

SR-1 Policy and procedures

This control recommends the organization develop, document, disseminate, review, and update SCRM policies and procedures. It asks organizations to not only address the purpose, scope, roles, responsibilities, and enforcement of system and information integrity action but also to address how those policies and procedures will be implemented, reviewed, and updated.


Citation information for this chapter

Chapter: Appendix 1. A simplified description of NIST Special Publication 800-53 controls, with ties to LIMSpec

Title: Comprehensive Guide to Developing and Implementing a Cybersecurity Plan

Edition: Second

Author for citation: Shawn E. Douglas

License for content: Creative Commons Attribution-ShareAlike 4.0 International

Publication date: March 2023