← Back to catalog
SR-3(2)

Limitation of Harm

Supply Chain Risk Management (SR)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Employ the following controls to limit harm from potential adversaries identifying and targeting the organizational supply chain: [assignment].

Discussion

Controls that can be implemented to reduce the probability of adversaries successfully identifying and targeting the supply chain include avoiding the purchase of custom or non-standardized configurations, employing approved vendor lists with standing reputations in industry, following pre-agreed maintenance schedules and update and patch delivery mechanisms, maintaining a contingency plan in case of a supply chain event, using procurement carve-outs that provide exclusions to commitments or obligations, using diverse delivery routes, and minimizing the time between purchase decisions and delivery.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.