
PM-30(1) Suppliers Of Critical Or Mission-Essential Items

Control Description

Identify, prioritize, and assess suppliers of critical or mission-essential technologies, products, and services.

Supplemental Guidance

The identification and prioritization of suppliers of critical or mission-essential technologies, products, and services is paramount to the mission/business success of organizations. The assessment of suppliers is conducted using supplier reviews (see SR-06) and supply chain risk assessment processes (see RA-03(01)). An analysis of supply chain risk can help an organization identify systems or components for which additional supply chain risk mitigations are required.

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What program-level governance exists for suppliers of critical or mission-essential items?
  • Who has overall responsibility and accountability for suppliers of critical or mission-essential items across the organization?
  • How does the organization measure and report on the effectiveness of activities for suppliers of critical or mission-essential items?
  • What resources are allocated to support activities for suppliers of critical or mission-essential items?
  • How do activities for suppliers of critical or mission-essential items integrate with other organizational programs and initiatives?

Technical Implementation:

  • What enterprise systems or platforms support activities for suppliers of critical or mission-essential items?
  • How are activities for suppliers of critical or mission-essential items tracked and reported organization-wide?
  • What integration exists between tools for suppliers of critical or mission-essential items and other security/privacy systems?
  • What automation supports activities for suppliers of critical or mission-essential items at the program level?
  • What metrics or analytics are used to measure the effectiveness of activities for suppliers of critical or mission-essential items?

Evidence & Documentation:

  • Provide program-level documentation for suppliers of critical or mission-essential items.
  • Provide evidence of senior leadership review and approval for suppliers of critical or mission-essential items.
  • Provide metrics or reports demonstrating the effectiveness of activities for suppliers of critical or mission-essential items.
  • Provide records of updates and improvements related to suppliers of critical or mission-essential items.
  • Provide documentation of the integration of activities for suppliers of critical or mission-essential items with organizational governance.
