IR-6(3)

  • Requirement

    Provide incident information to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related to the incident.

  • Discussion

    Organizations involved in supply chain activities include product developers, system integrators, manufacturers, packagers, assemblers, distributors, vendors, and resellers. Entities that provide supply chain governance include the Federal Acquisition Security Council (FASC). Supply chain incidents include compromises or breaches that involve information technology products, system components, development processes or personnel, distribution processes, or warehousing facilities. Organizations determine the appropriate information to share and consider the value gained from informing external organizations about supply chain incidents, including the ability to improve processes or to identify the root cause of an incident.

More Info

  • Title

    Incident Reporting | Supply Chain Coordination
  • Family

    Incident Response
  • NIST 800-53B Baseline(s)

    • Moderate
    • High
  • Related NIST 800-53 ID

    SR-8

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!