Supply chain risk management is
|“||[t]he process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.||”|
|“||[t]he management of supply chain risk whether presented by the supplier, the supplied product and its sub-components, or the supply chain (e.g., packaging, handling, storage, and transport).||”|
|“||the implementation of processes, tools or techniques to minimize the adverse impact of attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle.||”|
|“||A program to establish processes and procedures to minimize acquisition-related risks to critical acquisitions including, hardware components and software solutions from supply chain threats due to reliance on global sources of supply.||”|
- ↑ NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
- ↑ Office of Counterintelligence (DXC), Defense CI & HUMINT Center, Defense Intelligence Agency, "Terms and Definitions of Interest for DoD Counterintelligence Professional," at GL-164 (May 2, 2011) (full-text).
- ↑ NISTIR 8074, at 37.
- ↑ National Security Agency, "Mobility Capability Package," at D-5 (Nov. 4, 2013) (full-text).