Secure Controls Framework
Download The SCF
SCRM/C-SCRM

How does supply chain risk relate to CMMC compliance?

Direct Answer

CMMC directly addresses supply chain risk for Defense Industrial Base organizations. It requires that CUI protection extends through supply chains - prime contractors must flow CMMC requirements to subcontractors that process CUI. CMMC's Supply Chain Risk Management (SR) domain requires C-SCRM policies, supplier risk assessments, cybersecurity contract requirements, and supplier compliance monitoring. SCF maps to CMMC SR domain requirements directly.

Keep Exploring

Relevant Resources

References

Authoritative Sources