CCI-005081
CCI-005081 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if: - a process or processes is/are established to identify and address weaknesses or deficiencies in the supply chain elements and processes of [SR-03_ODP[01]; the system or system component requiring a process or processes to identify and address weaknesses or deficiencies is defined]. - the process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of [SR-03_ODP[01]; the system or system component requiring a process or processes to identify and address weaknesses or deficiencies is defined] is/are coordinated with [SR-03_ODP[02]; supply chain personnel with whom to coordinate the process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes is/are defined].
Validation Procedures
Examine: [SELECT FROM: Supply chain risk management policy; supply chain risk management procedures; supply chain risk management strategy; supply chain risk management plan; systems and critical system components inventory documentation; system and services acquisition policy; system and services acquisition procedures; procedures addressing the integration of information security and privacy requirements into the acquisition process; solicitation documentation; acquisition documentation (including purchase orders); service level agreements; acquisition contracts for systems or services; risk register documentation; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with acquisition responsibilities; organizational personnel with information security and privacy responsibilities; organizational personnel with supply chain risk management responsibilities]. Test: [SELECT FROM: Organizational processes for identifying and addressing supply chain element and process deficiencies].