CCI-002790

Coordinate incident handling activities involving supply chain events with other organizations involved in the supply chain.

Implementation Guidance

Determine if incident handling activities involving supply chain events are coordinated with other organizations involved in the supply chain.

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing supply chain coordination and supply chain risk information sharing with the Federal Acquisition Security Council; acquisition contracts; service-level agreements; incident response plan; supply chain risk management plan; system security plan; incident response plans of other organization involved in supply chain activities; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident handling responsibilities; organizational personnel with mission and business responsibilities; organizational personnel with legal responsibilities; organizational personnel with information security responsibilities; organizational personnel with supply chain risk management responsibilities; organizational personnel with acquisition responsibilities].

The controls below (if any) were marked by NIST as being related to CCI-002790.