CCI-004471

Review and update the supply chain risk management strategy on an organization-defined frequency or as required, to address organizational changes.

Implementation Guidance

Determine if the supply chain risk management strategy is reviewed and updated [PM-30_ODP; the frequency for reviewing and updating the supply chain risk management strategy is defined] or as required to address Organizational changes.

Validation Procedures

Examine: [SELECT FROM: Supply chain risk management strategy; organizational risk management strategy; enterprise risk management documents; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with supply chain risk management responsibilities; organizational personnel with information security responsibilities; organizational personnel with acquisition responsibilities; organizational personnel with enterprise risk management responsibilities].

The controls below (if any) were marked by NIST as being related to CCI-004471.