SA-14(1) — Critical Components with No Viable Alternative Sourcing

When critical components have no viable alternative source, you face a concentrated supply chain risk. If that sole-source vendor is compromised, you have no fallback.

Example 1: Identify all sole-source components in your environment and document the risk. If only one vendor makes the specialized software your mission depends on, develop a contingency plan: maintain stockpiles, negotiate source code escrow agreements, or invest in developing an internal alternative.

Example 2: For critical components with no alternative, negotiate enhanced contract terms: source code escrow, enhanced security requirements, priority support, and the right to independent security assessments. Monitor the vendor's financial and security health more closely than you would a vendor with alternatives.