Source: https://csrc.nist.gov/CSRC/media/Projects/cyber-supply-chain-risk-management/documents/SSCA/Spring_2019/8MayAM2.1_Update_on_CIQ_and_ISO_25010_Curtis.pdf