STIGhub


SR-1

Supply Chain Risk Management, Rev 5

Policy and Procedures

CCI Identifiers (16)

  • CCI-005056: Disseminate an organization-level, mission/business process-level, and/or system-level supply chain risk management policy to organization-defined personnel or roles.
  • CCI-005057: Develop and document an organization-level, mission/business process-level, and/or system-level supply chain risk management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
  • CCI-005058: Develop and document organization-level, mission/business process-level, and/or system-level supply chain risk management policy that is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
  • CCI-005059: Develop and document procedures to facilitate the implementation of the supply chain risk management policy and the associated supply chain risk management controls.
  • CCI-005060: Designate an organization-defined official to manage the development and documentation of the supply chain risk management policy.
  • CCI-005061: Designate an organization-defined official to manage the development and documentation of the supply chain risk management procedures.
  • CCI-005062: Designate an organization-defined official to manage the dissemination of the supply chain risk management policy.
  • CCI-005063: Designate an organization-defined official to manage the dissemination of the supply chain risk management procedures.
  • CCI-005064: Review and update the current supply chain risk management policy on an organization-defined frequency.
  • CCI-005065: Defines the frequency for reviewing and updating the current supply chain risk management policy.
  • CCI-005066: Review and update the current supply chain risk management policy following organization-defined events.
  • CCI-005067: Defines the events following reviewing and updating the current supply chain risk management policy.
  • CCI-005068: Review and update the current supply chain risk management procedures on an organization-defined frequency.
  • CCI-005069: Defines the frequency for reviewing and updating the current supply chain risk management procedures.
  • CCI-005070: Review and update the current supply chain risk management procedures following organization-defined events.
  • CCI-005071: Defines the events following reviewing and updating the current supply chain risk management procedures.

Linked STIG Checks (0)

No STIG checks reference this control.