The potential for harm or compromise arising from suppliers, their supply chains, their products, or their services. Cybersecurity risks throughout the supply chain arise from threats that exploit vulnerabilities or exposures within products and services traversing the supply chain as well as threats exploiting vulnerabilities or exposures within the supply chain itself.

Source: NIST SP 800-161r1-upd1 | Category: