KSI-SCR-MONImplementation guide coming soon

Monitoring Supply Chain Risk

SCR — Supply Chain Risk Management

NIST 800-53: ac-20, ca-3, ir-6.3, ps-7, ra-5, sa-9, si-5, sr-5, sr-6, sr-8

Who this is for: Cloud service providers
Service class: All service classes
Implementation guidance: Official source only
Evidence automation: Not published

Reviewed implementation guidance for KSI-SCR-MON is not published yet. The official source below remains complete and authoritative.

Official FedRAMP source

Verbatim from FedRAMP/rules

Third party software information resources are automatically monitored for upstream vulnerabilities using mechanisms that may include contractual notification requirements or active monitoring services.

Content provenance

Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.