Certified Information Systems Security Professional (CISSP) — Question 191

An organization implements supply chain risk management (SCRM) into all phases of the Systems Development Life Cycle (SDLC). What methodology is MOST important to ensure that SCRM requirements are met?

Answer options

• A. Supplier self-assessment
• B. Procurement assessment
• C. Vulnerability assessment
• D. Third-party assessment

Correct answer: D

Explanation

The correct answer is D, Third-party assessment, because it directly evaluates the risks associated with external suppliers and partners, ensuring that SCRM requirements are adequately addressed. Options A, B, and C, while useful in their own contexts, do not focus specifically on the risks posed by third-party entities that are essential to the supply chain.