Description
Tools and techniques may provide protections against unauthorized production, theft, tampering, insertion of counterfeits, insertion of malicious software or backdoors, and poor development practices throughout the system development life cycle.
Applicability
-
This control applies to the Information Resource Owner or designee.
Implementation
-
1
The Information Resource Owner or designee shall employ acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks.