According to the Defense Acquisition University (DAU), SCRM is “A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities and threats throughout [an organization's supply chain] and developing mitigation strategies to combat those threats whether presented by the supplier, the supplied product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).” Additionally, working definitions include:

1. The process for managing risk by identifying, assessing, and mitigating threats, vulnerabilities,.and disruptions to the a supply chain from beginning to end to ensure mission effectiveness. Successful SCRM maintains the integrity of products, services, people, and technologies, and ensures the undisrupted flow of product. This also include any materiel, information, and finances across the lifecycle of a project. SCRM encompasses all sub-sets of SCRM, such as cybersecurity, software assurance, obsolescence, counterfeit parts, and foreign ownership of sub-tier vendors.other categories of risk that affect the supply chain.
2. SCRM is "...the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation,.or maintenance of a system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system." DAU.edu

Managing supply chain risks requires strong practices and understanding extended chains of suppliers, vendors, service providers and business partners.