None
Means of managing ICT supply chain risk, including policies, procedures, guidelines, practices, or organizational structures, which can be of administrative, technical, management, or legal nature.
Source(s):
NIST SP 800-161
ISO/IEC 27000:2014 - Adapted