SR-3
Supply Chain Controls and Processes
Supply Chain Risk Management
The organization establishes and maintains supply chain controls and processes to manage supply chain risks.
High PriorityAI-Relevant Control
Purpose
Implement controls and processes to mitigate supply chain risks.
AI Relevance
Critical for implementing controls to manage risks from AI model providers, data vendors, and AI infrastructure suppliers.
Implementation Guidance
Implement vendor assessment frameworks, establish monitoring systems, and create incident response procedures for supply chain events.
Assessment
Test supply chain controls, verify vendor assessments, review monitoring processes, and validate incident response procedures.
Requirements
- 1Establish supply chain controls
- 2Maintain supply chain controls
- 3Establish supply chain processes
- 4Maintain supply chain processes
- 5Implement vendor assessment procedures
- 6Establish vendor monitoring processes
- 7Implement supply chain risk assessment procedures
- 8Establish supply chain risk mitigation procedures
- 9Implement supply chain incident response procedures
- 10Establish supply chain recovery procedures
Related Controls
Framework Context
NIST 800-53 Rev 5
Security and Privacy Controls for Federal Information Systems
Official Documentation →