← Back to catalog
PL-8(2)

Supplier Diversity

Planning (PL)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Require that [assignment] allocated to [assignment] are obtained from different suppliers.

Discussion

Information technology products have different strengths and weaknesses. Providing a broad spectrum of products complements the individual offerings. For example, vendors offering malicious code protection typically update their products at different times, often developing solutions for known viruses, Trojans, or worms based on their priorities and development schedules. By deploying different products at different locations, there is an increased likelihood that at least one of the products will detect the malicious code. With respect to privacy, vendors may offer products that track personally identifiable information in systems. Products may use different tracking methods. Using multiple products may result in more assurance that personally identifiable information is inventoried.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.