← Back to catalog
IR-4(10)

Supply Chain Coordination

Incident Response (IR)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Coordinate incident handling activities involving supply chain events with other organizations involved in the supply chain.

Discussion

Organizations involved in supply chain activities include product developers, system integrators, manufacturers, packagers, assemblers, distributors, vendors, and resellers. Supply chain incidents can occur anywhere through or to the supply chain and include compromises or breaches that involve primary or sub-tier providers, information technology products, system components, development processes or personnel, and distribution processes or warehousing facilities. Organizations consider including processes for protecting and sharing incident information in information exchange agreements and their obligations for reporting incidents to government oversight bodies (e.g., Federal Acquisition Security Council).

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.