The process of identifying, assessing, and mitigating the risks associated with the global and distributed nature of ICT product and service supply chains.

Source: NIST SP 800-161 | Category: