SR-8: Notification Agreements

NIST Baseline: Low

The procuring party, in consultation with the Tarleton State University (Tarleton) Chief Information Security Officer (CISO), shall coordinate with university procurement services to establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the notification of supply chain compromises, or results of assessments or audits.
- The notification of supply chain compromises includes security incidents, privacy breaches and the notification of assessment or audit results.
- Vendor contracts and procedures should be established to decrease or eliminate the effects of potentially adverse supply chain compromises.