The process of identifying, assessing, and mitigating the risks associated with the global and distributed nature of ICT product and service supply chains.
Sources:
NISTIR 7622