SR-2: Supply Chain Risk Management Plan

NIST Baseline: Low 

DIR Required By:  07/20/2023 

Review Date:  08/22/2024 

  • It is the responsibility of the Tarleton State University (Tarleton) Chief Information Security Officer (CISO) to: 
    • Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations, and disposal of university systems, system components or system services; 
    • Implement the supply chain risk management plan consistently across the university; 
    • Review and update the supply chain risk management plan annually to address threat, organizational or environmental changes; and 
    • Protect the supply chain risk management plan from unauthorized disclosure and modification. 

References/Additional Resources

FASC18 

41 CFR 201 

EO 13873 

CNSSD 505 

SP 800-30 

SP 800-39 

SP 800-160-1 

SP 800-161 

SP 800-181 

IR 7622