Implement an agency-wide policy for the management of supply-chain risks associated with the development, acquisition, maintenance, and disposal of systems, system components, and system services. This policy should address key controls outlined in NIST 800-53, such as the procurement of third-party services, high-value asset identification, and counterfeit component prevention