[2/27/24, 11:00 AM EST] CSRC has been experiencing technical difficulties recently. If you are unable to access a CSRC page or resource, or get a 503 error, please try reloading the page several times--it may help to wait a few minutes before trying again. We apologize for the inconvenience, and hope to have a solution in place next week.
A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities, and threats throughout the supply chain and developing mitigation strategies to combat those threats whether presented by the supplier, the supplies product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).
CNSSI 4009-2015 from CNSSD No. 505
The process of identifying, assessing, and mitigating the risks associated with the global and distributed nature of information and communications technology product and service supply chains.
NIST SP 800-37 Rev. 2 under supply chain risk management from OMB Circular A-130 (2016)
A systematic process for managing cyber supply chain risk exposures, threats, and vulnerabilities throughout the supply chain and developing risk response strategies to the risks presented by the supplier, the supplied products and services, or the supply chain.
NIST SP 800-53 Rev. 5 under supply chain risk management
NIST SP 800-53A Rev. 5 under supply chain risk management
the implementation of processes, tools or techniques to minimize the adverse impact of attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle.
NISTIR 8074 Vol. 2 under Supply Chain Risk Management