SR-5

Acquisition Strategies, Tools, and Methods

Supply Chain Risk Management

The organization employs the following controls to develop and implement supply chain risk management strategies, tools, and methods.

High PriorityAI-Relevant Control

Purpose

Develop and implement effective strategies, tools, and methods for supply chain risk management.

AI Relevance

Critical for developing effective strategies and tools to manage risks in AI supply chains, including model acquisition and data procurement.

Implementation Guidance

Develop comprehensive supply chain risk management strategies, implement risk assessment tools, and establish risk mitigation methods.

Assessment

Review supply chain strategies, test risk management tools, verify risk assessment methods, and validate risk management processes.

Requirements

  • 1Develop supply chain risk management strategies
  • 2Implement supply chain risk management strategies
  • 3Develop supply chain risk management tools
  • 4Implement supply chain risk management tools
  • 5Develop supply chain risk management methods
  • 6Implement supply chain risk management methods
  • 7Establish supply chain risk management procedures
  • 8Implement supply chain risk management procedures
  • 9Establish supply chain risk management processes
  • 10Implement supply chain risk management processes

Related Controls

SR-1: Supply Chain Risk Management Policy and ProceduresSR-2: Supply Chain Risk Management PlanSR-3: Supply Chain Controls and ProcessesSR-4: Provenance

References

NIST SP 800-53 Rev 5NIST Cybersecurity Supply Chain Risk Management

Framework Context

NIST 800-53 Rev 5

Security and Privacy Controls for Federal Information Systems

Official Documentation →

NIST AI RMF

AI Risk Management Framework

AI RMF Documentation →

OWASP AISVS

AI Security Verification Standard

AISVS Documentation →