Navigate

SA-12 (5)

SA-12 (5): Limitation Of Harm

The organization employs [Assignment: organization-defined security safeguards] to limit harm from potential adversaries identifying and targeting the organizational supply chain.

Supplemental

Supply chain risk is part of the advanced persistent threat (APT). Security safeguards and countermeasures to reduce the probability of adversaries successfully identifying and targeting the supply chain include, for example: (i) avoiding the purchase of custom configurations to reduce the risk of acquiring information systems, components, or products that have been corrupted via supply chain actions targeted at specific organizations; (ii) employing a diverse set of suppliers to limit the potential harm from any given supplier in the supply chain; (iii) employing approved vendor lists with standing reputations in industry, and (iv) using procurement carve outs (i.e., exclusions to commitments or obligations).

CIA Levels
Confidentiality	high
Integrity	high
Availability	high

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to SA-12 (5).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SA-12 (5).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SA-12 (5).

CCI	Definition
CCI-003201	The organization employs organization-defined security safeguards to limit harm from potential adversaries identifying and targeting the organizational supply chain.
CCI-003202	The organization defines security safeguards to employ to limit harm from potential adversaries identifying and targeting the organizational supply chain.