Supply Chain Risk Management (SR) Family
Also known as: SR family
Supply Chain Risk Management — a control family added in NIST SP 800-171 Rev 3 and incorporated into CMMC where applicable. Governs vendor risk and component provenance.
Supply Chain Risk Management (SR) is a control family that NIST added in SP 800-171 Revision 3, drawn from the broader NIST SP 800-161 supply chain risk management framework. It is not part of the original 14 families in NIST SP 800-171 Rev 2 (which is what CMMC Level 2 currently assesses against), but it appears in CMMC documentation and will become more prominent as CMMC transitions to Rev 3.
SR controls cover topics like assessing supply chain risk for products and services, controlling component provenance, managing supplier risk through contract clauses, and identifying counterfeit components — particularly relevant for the electronic component industry that supplies the DoD.