Skip to main content

💼 Supply Chain Risk Management (ID.SC)

  • ID: /frameworks/nist-csf-v1.1/id-sc

Stats​

not available

Description​

The organization's priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.

Similar​

  • Internal
    • ID: dec-b-23ac7681

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholdersno data
💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process77no data
💼 ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Planno data
💼 ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations1619no data
💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers11no data