U.S. flag   An unofficial archive of your favorite United States government website
This is an archive
(replace .gov by .rip)
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

supply chain risk management (SCRM)

Abbreviation(s) and Synonym(s): Definition(s):

  A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities, and threats throughout the supply chain and developing mitigation strategies to combat those threats whether presented by the supplier, the supplies product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).
Source(s):
CNSSI 4009-2015 CNSSD No. 505

  The process of identifying, assessing, and mitigating the risks associated with the global and distributed nature of information and communications technology product and service supply chains.
Source(s):
NIST SP 800-37 Rev. 2 under supply chain risk management

  the implementation of processes, tools or techniques to minimize the adverse impact of attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle.
Source(s):
NISTIR 8074 Vol. 2 under Supply Chain Risk Management