⭐ Repository → 💼 NIST CSF v1.1 → 💼 Supply Chain Risk Management (ID.SC)
💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process
- ID:
/frameworks/nist-csf-v1.1/id-sc/02
Description
Empty...
Similar
- Sections
/frameworks/iso-iec-27001-2013/15/02/01/frameworks/iso-iec-27001-2013/15/02/02/frameworks/nist-sp-800-53-r4/ra/02/frameworks/nist-sp-800-53-r4/ra/03/frameworks/nist-sp-800-53-r4/sa/12/frameworks/nist-sp-800-53-r4/sa/14/frameworks/nist-sp-800-53-r4/sa/15
- Internal
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
| 💼 NIST CSF v2.0 → 💼 GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered | | | 7 | | no data |
| 💼 NIST CSF v2.0 → 💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes | | | 10 | | no data |
| 💼 NIST CSF v2.0 → 💼 GV.SC-04: Suppliers are known and prioritized by criticality | | | 7 | | no data |
| 💼 NIST CSF v2.0 → 💼 GV.SC-07: The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship | | | 26 | | no data |
| 💼 NIST CSF v2.0 → 💼 ID.RA-10: Critical suppliers are assessed prior to acquisition | | | 26 | | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (7)
Internal Rules
| Rule | Policies | Flags |
|---|
| ✉️ dec-x-1a2f6279 | 1 | |
| ✉️ dec-x-9f7d853f | 1 | |
| ✉️ dec-x-52ac4ac0 | 1 | |
| ✉️ dec-x-8535d1ff | 1 | |
| ✉️ dec-x-a00b4ec9 | 1 | |
| ✉️ dec-x-a0471977 | 1 | |
| ✉️ dec-x-fafadacd | 1 | |