Supply Chain Risk Management (SCRM)

1. The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

Source: Explore Terms: A Glossary of Common Cybersecurity Terminology, National Initiative for Cybersecurity Careers and Studies (NICCS), https://niccs.us-cert.gov/about-niccs/glossary

2. A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities, and threats throughout the supply chain and developing mitigation strategies to combat those threats whether presented by the supplier, the product and its subcomponents, or the supply chain itself (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).

Source: U.S. Cyberspace Solarium Commission, March 2020, https://subscriber.politicopro.com/f/?id=00000170-c638-d8f7-a7f1-f63b33510000

3. The management of supply chain risk whether presented by the supplier, the supplied product and its sub-components, or the supply chain (e.g., packaging, handling, storage, and transport). (DTM 09-016).

Source: Terms & Definitions of Interest for DoD Counterintelligence Professionals, Office of the National Counterintelligence, https://www.dni.gov/files/NCSC/documents/ci/CI_Glossary.pdf