
AT-1 Policy and Procedures

>Control Description

Enterprises should designate a specific official to manage the development, documentation, and dissemination of the training policy and procedures, including C-SCRM and role-based specific training for those with supply chain responsibilities. Enterprises should integrate cybersecurity supply chain risk management training and awareness into the security training and awareness policy. C-SCRM training should target both the enterprise and its contractors. The policy should ensure that supply chain cybersecurity role-based training is required for those individuals or functions that touch or impact the supply chain, such as the information system owner, acquisition, supply chain logistics, system engineering, program management, IT, quality, and incident response.

C-SCRM training procedures should address:

a. Roles throughout the supply chain and system/element life cycle to limit the opportunities and means available to individuals performing these roles that could result in adverse consequences,

b. Requirements for interaction between an enterprise's personnel and individuals not employed by the enterprise who participate in the supply chain throughout the SDLC, and

c. Incorporating feedback and lessons learned from C-SCRM activities into the C-SCRM training.

>Cross-Framework Mappings
