
CA-6 Authorization

Control Description

Authorizing officials should include C-SCRM in authorization decisions. To accomplish this, supply chain risks and compensating controls documented in C-SCRM Plans or system security plans and the C-SCRM POA&M should be included in the authorization package as part of the decision-making process. Risks should be determined and associated compensating controls selected based on the output of criticality, threat, and vulnerability analyses. Authorizing officials may use the guidance in Section 2 of this document as well as NISTIR 8179 to guide the assessment process.
