This chapter discusses the mechanisms for establishing a supply chain risk management (SCRM) capability within any organization. It examines the several existing information and communication technology standard models that could be used to structure and oversee practical product supply chain operations. The chapter presents the Control process for substantive SCRM. Management and controls go hand in hand in that a substantive state of management is implemented by the specific control behaviors that dictate the right operational practice. National Institute of Standards and Technology Special Publication 800-53 is the basis for selecting and specifying the security controls that are to be implemented in a given organization. Particular standard is expected to have wide-scale influence on how controls for SCRM are formulated and implemented through the industry at large. The challenge in formulating and implementing security controls is the basic requirement to identify and implement the right set of controls in a real-world situation.