Skip to main content

💼 ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations

  • Contextual name: 💼 ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations
  • ID: /frameworks/nist-csf-v1.1/id-sc/04
  • Located in: 💼 Supply Chain Risk Management (ID.SC)

Description

Empty...

Similar

  • Sections
    • /frameworks/iso-iec-27001-2013/15/02/01
    • /frameworks/iso-iec-27001-2013/15/02/02
    • /frameworks/nist-sp-800-53-r4/au/02
    • /frameworks/nist-sp-800-53-r4/au/06
    • /frameworks/nist-sp-800-53-r4/au/12
    • /frameworks/nist-sp-800-53-r4/au/16
    • /frameworks/nist-sp-800-53-r4/ps/07
    • /frameworks/nist-sp-800-53-r4/sa/09
    • /frameworks/nist-sp-800-53-r4/sa/12
  • Internal
    • ID: dec-c-939fe270

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 ISO/IEC 27001:2013 → 💼 A.15.2.1 Monitoring and review of supplier services
💼 ISO/IEC 27001:2013 → 💼 A.15.2.2 Managing changes to supplier services
💼 NIST SP 800-53 Revision 4 → 💼 AU-2 AUDIT EVENTS434
💼 NIST SP 800-53 Revision 4 → 💼 AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING1022
💼 NIST SP 800-53 Revision 4 → 💼 AU-12 AUDIT GENERATION3
💼 NIST SP 800-53 Revision 4 → 💼 AU-16 CROSS-ORGANIZATIONAL AUDITING2
💼 NIST SP 800-53 Revision 4 → 💼 PS-7 THIRD-PARTY PERSONNEL SECURITY
💼 NIST SP 800-53 Revision 4 → 💼 SA-9 EXTERNAL INFORMATION SYSTEM SERVICES5
💼 NIST SP 800-53 Revision 4 → 💼 SA-12 SUPPLY CHAIN PROTECTION15

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v2.0 → 💼 GV.SC-07: The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship26
💼 NIST CSF v2.0 → 💼 ID.RA-10: Critical suppliers are assessed prior to acquisition26

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags

Policies (19)

PolicyLogic CountFlags
📝 AWS CloudFront Distribution Logging is not enabled 🟢1🟢 x6
📝 AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢1🟢 x6
📝 AWS KMS Symmetric CMK Rotation is not enabled 🟢1🟢 x6
📝 AWS S3 Bucket Server Access Logging is not enabled 🟢1🟢 x6
📝 AWS VPC Flow Logs are not enabled 🟢1🟠 x1, 🟢 x5
📝 Azure Diagnostic Setting for Azure Key Vault is not enabled 🟢🟢 x3
📝 Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON 🟢1🟢 x6
📝 Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days 🟢1🟢 x6
📝 Azure PostgreSQL Single Server log_connections Parameter is not set to ON 🟢1🟢 x6
📝 Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON 🟢1🟢 x6
📝 Azure SQL Server Auditing Retention is less than 90 days 🟢1🟢 x6
📝 Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟢1🟢 x6
📝 Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Network Security Group does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Security Solution does not exist 🟢1🟢 x6

Internal Rules

RulePoliciesFlags
✉️ dec-x-0c82d7751
✉️ dec-x-9b79d91f1
✉️ dec-x-9c0416671
✉️ dec-x-20c9ef831
✉️ dec-x-24bba4831
✉️ dec-x-89d5ed7a1
✉️ dec-x-611eaa351
✉️ dec-x-1518c16e1
✉️ dec-x-79579ed71
✉️ dec-x-9002886f1
✉️ dec-x-b2ce0ca11
✉️ dec-x-c397d3ca2
✉️ dec-x-db1b7a1b1
✉️ dec-x-dc359e591
✉️ dec-x-e00143332