STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

SR-8

Supply Chain Risk ManagementRev 5organization

Notification Agreements

Baselines:LowModerateHigh

Control Statement

Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the [Selection: organization-defined value].

Supplemental Guidance

The establishment of agreements and procedures facilitates communications among supply chain entities. Early notification of compromises and potential compromises in the supply chain that can potentially adversely affect or have adversely affected organizational systems or system components is essential for organizations to effectively respond to such incidents. The results of assessments or audits may include open-source information that contributed to a decision or result and could be used to help the supply chain entity resolve a concern or improve its processes.

Related Controls (3)

IR-4IR-6IR-8

CCI Identifiers (2)

CCI-005124Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the notification of supply chain compromises, results of assessments or audits, and/or organization-defined information.CCI-005125Defines the information for establishing agreements and procedures with entities involved in the supply chain for the system, system component, or system service.

Linked STIG Checks (0)

No STIG checks reference this control.