T7.8.3 - LIMITATION OF HARM Implementation Guidance
The entity shall limit harm from potential adversaries targeting the organizational supply chain.
Supply chain risk is part of the advanced persistent threat. Security controls to reduce the probability of adversaries successfully identifying and targeting the supply chain include, for example:
- A. Avoiding the purchase of custom configurations to reduce the risk of acquiring information systems, components, or products that have been corrupted via supply chain actions targeted at specific entities
- B. Employing a diverse set of suppliers to limit the potential harm from any given supplier in the supply chain
- C. Using procurement carve-outs