Navigate

SA-12 (15)

SA-12 (15): Processes To Address Weaknesses Or Deficiencies

The organization establishes a process to address weaknesses or deficiencies in supply chain elements identified during independent or organizational assessments of such elements.

Supplemental

Evidence generated during independent or organizational assessments of supply chain elements (e.g., penetration testing, audits, verification/validation activities) is documented and used in follow-on processes implemented by organizations to respond to the risks related to the identified weaknesses and deficiencies. Supply chain elements include, for example, supplier development processes and supplier distribution systems.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
NC3

Related Controls

The controls below (if any) were marked by NIST as being related to SA-12 (15).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SA-12 (15).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SA-12 (15).

CCI	Definition
CCI-003224	The organization establishes a process to address weaknesses or deficiencies in supply chain elements identified during independent or organizational assessments of such elements.