The organization defines the security safeguards to employ to protect against supply chain threats to the information system, system component, or information system service.
No STIG checks reference this CCI.