Supply Chain Risk Management is the name of a big security problem in the business world. It is so important that there isn't a single security framework that doesn't include Supply Chain Risk Management in its agenda, guidance, and suggested controls. NIST has a set of resources on the topic, but it is not the only organization that is addressing this problem.
Disclaimer: Nothing below should be taken as a criticism of the services offered. Pointing out their flaws and inefficiencies does not mean they don't have any value.