RA-3(1) Supply Chain Risk Assessment
Statement
WTAMU shall perform an analysis of supply chain risk to identify systems or components for which supply chain risk mitigations are required. Supply chain-related events include disruption, use of defective components, insertion of counterfeits, theft, malicious development practices, improper delivery practices, and insertion of malicious code. These events can have a significant impact on the confidentiality, integrity, or availability of a system and its information which can adversely impact organizational operations. The supply chain-related events may be unintentional or malicious and can occur at any point during the system life cycle.
Applicability
This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.
Implementation
WTAMU shall:
- Assess supply chain risks associated with systems, components, and services
- Update the supply chain risk assessment annually, when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain