
PM-30 Supply Chain Risk Management Strategy

Control Description

The Supply Chain Risk Management Strategy (also known as C-SCRM Strategy) should be complemented with a C-SCRM Implementation Plan that lays out detailed initiatives and activities for the enterprise with timelines and responsible parties. This implementation plan can be a POA&M or be included in a POA&M. Based on the C-SCRM Strategy and Implementation Plan at Level 1, the enterprise should select and document common C-SCRM controls that should address the enterprise, program, and system-specific needs. These controls should be iteratively integrated into the C-SCRM Policy at Level 1 and Level 2, as well as the C-SCRM plan (or SSP if required) at Level 3. See Section 2 and Appendix C for further guidance on risk management.
