Has your organization tested its contingency plans for responding to and recovering from supply chain compromise incidents where products or services were found to be counterfeit or tampered with?
Explanation
This question probes supply chain incident readiness: whether your organization has actually exercised, not merely written, its contingency plans for responding to and recovering from the discovery that a product or service was counterfeit, did not originate with the contracted supplier, or was altered before receipt. Such exercises verify that you can detect, contain, and recover from supply chain compromises that could introduce vulnerabilities or malicious code into your systems, and they surface gaps in the plans before a real incident does. Because these scenarios usually depend on the supplier's cooperation (for replacement stock, provenance records, or forensic data), exercises that involve the affected suppliers and third parties provide stronger evidence than purely internal ones.
Evidence could include documentation of supply chain compromise tabletop exercises, after-action reports from simulated or actual supply chain incidents, contingency plans updated to address exercise findings, or records of training sessions focused on supply chain compromise scenarios.
Implementation Example
Exercise contingency plans for responding to and recovering from the discovery that products or services did not originate with the contracted supplier or partner or were altered before receipt
ID: ID.IM-02.184
Context
- Function: ID (Identify)
- Category: ID.IM (Improvement)
- Sub-Category: ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties
Related questions
- Does your organization regularly conduct self-assessments of critical services that incorporate current threat intelligence and adversary tactics, techniques, and procedures (TTPs)?
- Has your organization conducted third-party assessments or independent audits of your cybersecurity program within the past 12 months?
- Does your organization utilize automated tools or systems to continuously evaluate compliance with your established cybersecurity requirements?
- Does your organization have a process to identify and implement improvements to incident response procedures based on findings from exercises, tests, and reviews?
- Does your organization have a formal process to identify and implement improvements to business continuity, disaster recovery, and incident response plans based on exercises conducted with critical service providers and suppliers?
- Does your organization involve internal stakeholders (such as senior executives, legal, and HR) in security tests and exercises?