CCI-005113
CCI-005113 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if: - [SR-05_ODP; acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks are defined] are employed to protect against supply chain risks. - [SR-05_ODP; acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks are defined] are employed to identify supply chain risks. - [SR-05_ODP; acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks are defined] are employed to mitigate supply chain risks.
Validation Procedures
Examine: [SELECT FROM: Supply chain risk management policy; supply chain risk management procedures; supply chain risk management plan; system and services acquisition policy; system and services acquisition procedures; procedures addressing supply chain protection; procedures addressing the integration of information security and privacy requirements into the acquisition process; solicitation documentation; acquisition documentation (including purchase orders); service level agreements; acquisition contracts for systems, system components, or services; documentation of training, education, and awareness programs for personnel regarding supply chain risk; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with acquisition responsibilities; organizational personnel with information security and privacy responsibilities; organizational personnel with supply chain risk management responsibilities]. Test: [SELECT FROM: Organizational processes for defining and employing tailored acquisition strategies, contract tools, and procurement methods; mechanisms supporting and/or implementing the definition and employment of tailored acquisition strategies, contract tools, and procurement methods].