Navigate

IR-6 (3)

IR-6 (3): Coordination With Supply Chain

The organization provides security incident information to other organizations involved in the supply chain for information systems or information system components related to the incident.

Supplemental

Organizations involved in supply chain activities include, for example, system/product developers, integrators, manufacturers, packagers, assemblers, distributors, vendors, and resellers. Supply chain incidents include, for example, compromises/breaches involving information system components, information technology products, development processes or personnel, and distribution processes or warehousing facilities. Organizations determine the appropriate information to share considering the value gained from support by external organizations with the potential for harm due to sensitive information being released to outside organizations of perhaps questionable trustworthiness.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
NC3

Related Controls

The controls below (if any) were marked by NIST as being related to IR-6 (3).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of IR-6 (3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to IR-6 (3).

CCI	Definition
CCI-002793	The organization provides security incident information to other organizations involved in the supply chain for information systems or information system components related to the incident.