๐ผ Supply Chain Risk Management (ID.SC)
- Contextual name: ๐ผ Supply Chain Risk Management (ID.SC)
- ID:
/frameworks/nist-csf-v1.1/id-sc
- Located in: ๐ผ NIST CSF v1.1
Descriptionโ
The organization's priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.
Similarโ
Sub Sectionsโ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
| ๐ผ ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | | | | |
| ๐ผ ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process | | 7 | 7 | |
| ๐ผ ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Plan | | | | |
| ๐ผ ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations | | 16 | 19 | |
| ๐ผ ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers | | 1 | 1 | |