Supply Chain Management

Implement a supply chain management program, including policies and procedures to ensure all devices and components originate from a trusted supplier and are tested to verify their integrity.

ID: M0817
Security Controls: NIST SP 800-53 Rev. 4 - SA-12, NIST SP 800-53 Rev. 5 - SR-1
Version: 1.0
Created: 12 April 2021
Last Modified: 20 September 2023

Techniques Addressed by Mitigation

Domain ID Name Use
ICS T0862 Supply Chain Compromise

A supply chain management program should include methods to assess the trustworthiness and technical maturity of a supplier, along with technical methods (e.g., code-signing, bill of materials) needed to validate the integrity of newly obtained devices and components. Develop procurement language that emphasizes the expectations for suppliers regarding the artifacts, audit records, and technical capabilities needed to validate the integrity of the device supply chain. [1]

References