SR-8: Notification Agreements

An OSCAL Control

Statement

Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the .
- - Requirement:
    CSOs must ensure and document how they receive notifications from their supply chain vendor of newly discovered vulnerabilities including zero-day vulnerabilities.