SR-6: Supplier Assessments and Reviews
From NIST's SP800-53:
Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide [Assignment: organization-defined frequency].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1505.001 | SQL Stored Procedures | Persistence |
| T1505.002 | Transport Agent | Persistence |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1546.006 | LC_LOAD_DYLIB Addition | Persistence, Privilege Escalation |
| T1505.004 | IIS Components | Persistence |
| T1601 | Modify System Image | Defense Evasion |
| T1505 | Server Software Component | Persistence |
| T1204.003 | Malicious Image | Execution |
| T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1554 | Compromise Client Software Binary | Persistence |
| T1059.002 | AppleScript | Execution |
| T1601.001 | Patch System Image | Defense Evasion |