SR-2 Supply Chain Risk Management Plan

Control Description

C-SCRM plans describe implementations, requirements, constraints, and implications at the system level. C-SCRM plans are influenced by the enterprise’s other risk assessment activities and may inherit and tailor common control baselines defined at Level 1 and Level 2. C-SCRM plans defined at Level 3 work in collaboration with the enterprise’s C-SCRM Strategy and Policies (Level 1 and Level 2) and the C-SCRM Implementation Plan (Level 1 and Level 2) to provide a systematic and holistic approach for cybersecurity supply chain risk management across the enterprise. C-SCRM plans should be developed as a standalone document and only integrated into existing system security plans if enterprise constraints require it.
