Adapted from NIST-SP-800-161
A supply chain is a system of organizations, people, activities, information, and related resources involved in moving a product or service from a supplier to a customer. Supply chain activities involve the transformation of natural resources, raw materials, software, firmware, and components into a finished product that is delivered to a customer.
A supplier is a vendor who sells products or services. Suppliers can be manufacturers, packagers, distributers, resellers, wholesalers, or retail outlets.
An integrator is a vendor who provides customized products or services including development, test, operations, and maintenance.
An external service provider is a vendor who provides outsourced turn-key services.
The customer is the end user of the integrated product or service.
Supply chain risks are associated with an organizations decreased visibility into, and understanding of, how the technology that they acquire is developed, integrated, and deployed.