Navigate

PL-8 (2)

PL-8 (2): Supplier Diversity

The organization requires that [Assignment: organization-defined security safeguards] allocated to [Assignment: organization-defined locations and architectural layers] are obtained from different suppliers.

Supplemental

Different information technology products have different strengths and weaknesses. Providing a broad spectrum of products complements the individual offerings. For example, vendors offering malicious code protection typically update their products at different times, often developing solutions for known viruses, Trojans, or worms according to their priorities and development schedules. By having different products at different locations (e.g., server, boundary, desktop) there is an increased likelihood that at least one will detect the malicious code.

CIA Levels
Confidentiality	low
Integrity	low
Availability	low

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to PL-8 (2).

Control	Description
SA-12	The organization protects against supply chain threats to the information system, system component, or information system service by employing [Assignment: organization-defined security safeguards] as part of a comprehensive, defense-in-breadth information security strategy.

Enhancements

The controls below (if any) add on to the requirements of PL-8 (2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to PL-8 (2).

CCI	Definition
CCI-003088	The organization requires that organization-defined security safeguards allocated to organization-defined locations and architectural layers be obtained from different suppliers.