Document the selected and implemented supply chain processes and controls in security and privacy plans, supply chain risk management plan, or organization-defined document.
No STIG checks reference this CCI.