SR-11.2: Configuration Control for Component Service and Repair

configuration control over system components awaiting service or repair is maintained;

configuration control over serviced or repaired system components awaiting return to service is maintained.

Supply chain risk management policy and procedures

supply chain risk management plan

configuration control procedures

acquisition documentation

service level agreements

acquisition contracts for the system component

inter-organizational agreements and procedures

system security plan

other relevant documents or records

Organizational personnel with system and services acquisition responsibilities

organizational personnel with information security responsibilities

organizational personnel with supply chain risk management responsibilities

Organizational processes for establishing inter-organizational agreements and procedures with supply chain entities

organizational configuration control processes