IR-4(10): Supply Chain Coordination

Control Family:

Incident Response

Parent Control:

IR-4: Incident Handling

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

ID.SC-5
DE.AE-2
DE.AE-3
DE.AE-4
DE.AE-5
RS.AN-1
RS.AN-2
RS.AN-3
RS.AN-4
RS.CO-3
RS.CO-4
RS.IM-1
RS.IM-2
RS.MI-1
RS.MI-2
RS.RP-1
RC.CO-3
RC.IM-1
RC.IM-2
RC.RP-1

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
IR-4(10): Supply Chain Coordination

Control Statement

The organization coordinates incident handling activities involving supply chain events with other organizations involved in the supply chain.

Supplemental Guidance

Organizations involved in supply chain activities include, for example, system/product developers, integrators, manufacturers, packagers, assemblers, distributors, vendors, and resellers. Supply chain incidents include, for example, compromises/breaches involving information system components, information technology products, development processes or personnel, and distribution processes or warehousing facilities.

Control Statement

Supplemental Guidance

Related Controls

Critical Security Controls Version 7.1