Skip to main content

πŸ’Ό ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process

  • Contextual name: πŸ’Ό ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process
  • ID: /frameworks/nist-csf-v1.1/id-sc/02
  • Located in: πŸ’Ό Supply Chain Risk Management (ID.SC)

Description​

Empty...

Similar​

  • Sections
    • /frameworks/iso-iec-27001-2013/15/02/01
    • /frameworks/iso-iec-27001-2013/15/02/02
    • /frameworks/nist-sp-800-53-r4/ra/02
    • /frameworks/nist-sp-800-53-r4/ra/03
    • /frameworks/nist-sp-800-53-r4/sa/12
    • /frameworks/nist-sp-800-53-r4/sa/14
    • /frameworks/nist-sp-800-53-r4/sa/15
  • Internal
    • ID: dec-c-f0f74468

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.15.2.1 Monitoring and review of supplier services
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.15.2.2 Managing changes to supplier services
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό RA-2 SECURITY CATEGORIZATION
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό RA-3 RISK ASSESSMENT
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό SA-12 SUPPLY CHAIN PROTECTION15
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό SA-14 CRITICALITY ANALYSIS1
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS11

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered7
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes7
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.SC-04: Suppliers are known and prioritized by criticality7
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.SC-07: The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship26
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.RA-10: Critical suppliers are assessed prior to acquisition26

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (7)​

PolicyLogic CountFlags
πŸ“ Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For App Services is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Containers is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Key Vault is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Servers is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Storage is not set to On 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-1a2f62791
βœ‰οΈ dec-x-9f7d853f1
βœ‰οΈ dec-x-52ac4ac01
βœ‰οΈ dec-x-8535d1ff1
βœ‰οΈ dec-x-a00b4ec91
βœ‰οΈ dec-x-a04719771
βœ‰οΈ dec-x-fafadacd1