
💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders

  • Contextual name: 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
  • ID: /frameworks/nist-csf-v1.1/id-sc/01
  • Located in: 💼 Supply Chain Risk Management (ID.SC)

Description

Empty...

Similar

  • Sections
    • /frameworks/nist-sp-800-53-r4/sa/09
    • /frameworks/nist-sp-800-53-r4/sa/12
    • /frameworks/iso-iec-27001-2013/15/01/01
    • /frameworks/iso-iec-27001-2013/15/01/02
    • /frameworks/iso-iec-27001-2013/15/01/03
    • /frameworks/iso-iec-27001-2013/15/02/01
    • /frameworks/iso-iec-27001-2013/15/02/02
  • Internal
    • ID: dec-c-fb2f0b5d

Similar Sections (Take Policies From)

| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 ISO/IEC 27001:2013 → 💼 A.15.1.1 Information security policy for supplier relationships | | | | |
| 💼 ISO/IEC 27001:2013 → 💼 A.15.1.2 Addressing security within supplier agreements | | | | |
| 💼 ISO/IEC 27001:2013 → 💼 A.15.1.3 Information and communication technology supply chain | | | | |
| 💼 ISO/IEC 27001:2013 → 💼 A.15.2.1 Monitoring and review of supplier services | | | | |
| 💼 ISO/IEC 27001:2013 → 💼 A.15.2.2 Managing changes to supplier services | | | | |
| 💼 NIST SP 800-53 Revision 4 → 💼 SA-9 EXTERNAL INFORMATION SYSTEM SERVICES | 5 | | | |
| 💼 NIST SP 800-53 Revision 4 → 💼 SA-12 SUPPLY CHAIN PROTECTION | 15 | | | |

Similar Sections (Give Policies To)

| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 NIST CSF v2.0 → 💼 GV.RM-05: Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.SC-01: A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.SC-02: Cybersecurity roles and responsibilities for suppliers, customers, and partners are established, communicated, and coordinated internally and externally | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement | | | | |

Sub Sections

| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|