{"id":1922,"date":"2024-08-27T17:07:25","date_gmt":"2024-08-27T17:07:25","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1922"},"modified":"2024-09-04T17:55:07","modified_gmt":"2024-09-04T17:55:07","slug":"sr-8-notification-agreements","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/supply-chain-risk-management-sr\/sr-8-notification-agreements\/","title":{"rendered":"SR-8: Notification Agreements"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">SR-8: Notification Agreements<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: <\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By:<\/strong> &nbsp;07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: \u00a0<\/strong>08\/27\/2024\u00a0<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The procuring party, in consultation with the Tarleton State University (Tarleton) Chief Information Security Officer (CISO), shall coordinate with university procurement services to establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the notification of supply chain compromises, or results of assessments or audits.&nbsp;\n<ul class=\"wp-block-list\">\n<li>The notification of supply chain compromises includes security incidents, privacy breaches and the notification of assessment or audit results. &nbsp;<\/li>\n\n\n\n<li>Vendor contracts and procedures should be established to decrease or eliminate the effects of potentially adverse supply chain compromises.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.congress.gov\/bill\/115th-congress\/senate-bill\/3085\" target=\"_blank\" rel=\"noreferrer noopener\">FASC18<\/a> &nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.ecfr.gov\/current\/title-41\/subtitle-D\/chapter-201\/part-201-1\" target=\"_blank\" rel=\"noreferrer noopener\">41 CFR 201<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.federalregister.gov\/documents\/2019\/05\/17\/2019-10538\/securing-the-information-and-communications-technology-and-services-supply-chain\" target=\"_blank\" rel=\"noreferrer noopener\">EO 13873<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.iso.org\/standard\/82905.html\" target=\"_blank\" rel=\"noreferrer noopener\">ISO 27036<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/30\/r1\/final\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-30<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/161\/r1\/final\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-161<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/csrc.nist.gov\/pubs\/ir\/7622\/final\" target=\"_blank\" rel=\"noreferrer noopener\">IR 7622<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SR-8: Notification Agreements NIST Baseline: Low&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: \u00a008\/27\/2024\u00a0 References\/Additional Resources FASC18 &nbsp; 41 CFR 201&nbsp; EO 13873&nbsp; ISO 27036&nbsp; SP 800-30&nbsp; SP 800-161&nbsp; IR 7622&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1983,"menu_order":5,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1922","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on August 27, 2024","modified":"Updated on September 4, 2024"},"absolute_dates_time":{"created":"Posted on August 27, 2024 5:07 pm","modified":"Updated on September 4, 2024 5:55 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1922"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1922\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1983"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}