Mechanisms exist to periodically assess supply chain risks associated with Technology Assets, Applications and/or Services (TAAS).
Control Question
Assessment question for control validation
Does the organization periodically assess supply chain risks associated with Technology Assets, Applications and/or Services (TAAS)?
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Core Control Designations
Special designations and baseline inclusions
MAD: RSK-09.1
ESP Level 1: RSK-09.1
ESP Level 2: RSK-09.1
ESP Level 3: RSK-09.1