Skip to main content

💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders

  • Contextual name: 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
  • ID: /frameworks/nist-csf-v1.1/id-sc/01
  • Located in: 💼 Supply Chain Risk Management (ID.SC)

Description​

Empty...

Similar​

  • Sections
    • /frameworks/nist-sp-800-53-r4/sa/09
    • /frameworks/nist-sp-800-53-r4/sa/12
    • /frameworks/iso-iec-27001-2013/15/01/01
    • /frameworks/iso-iec-27001-2013/15/01/02
    • /frameworks/iso-iec-27001-2013/15/01/03
    • /frameworks/iso-iec-27001-2013/15/02/01
    • /frameworks/iso-iec-27001-2013/15/02/02
  • Internal
    • ID: dec-c-fb2f0b5d

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
💼 ISO/IEC 27001:2013 → 💼 A.15.1.1 Information security policy for supplier relationships
💼 ISO/IEC 27001:2013 → 💼 A.15.1.2 Addressing security within supplier agreements
💼 ISO/IEC 27001:2013 → 💼 A.15.1.3 Information and communication technology supply chain
💼 ISO/IEC 27001:2013 → 💼 A.15.2.1 Monitoring and review of supplier services
💼 ISO/IEC 27001:2013 → 💼 A.15.2.2 Managing changes to supplier services
💼 NIST SP 800-53 Revision 4 → 💼 SA-9 EXTERNAL INFORMATION SYSTEM SERVICES5
💼 NIST SP 800-53 Revision 4 → 💼 SA-12 SUPPLY CHAIN PROTECTION15

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v2.0 → 💼 GV.RM-05: Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties
💼 NIST CSF v2.0 → 💼 GV.SC-01: A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders
💼 NIST CSF v2.0 → 💼 GV.SC-02: Cybersecurity roles and responsibilities for suppliers, customers, and partners are established, communicated, and coordinated internally and externally
💼 NIST CSF v2.0 → 💼 GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
💼 NIST CSF v2.0 → 💼 GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle
💼 NIST CSF v2.0 → 💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags