💼 Cybersecurity Supply Chain Risk Management (GV.SC)
- Contextual name: 💼 Cybersecurity Supply Chain Risk Management (GV.SC)
- ID:
/frameworks/nist-csf-v2.0/gv-sc
- Located in: 💼 NIST CSF v2.0
Description​
Cyber supply chain risk management processes are identified, established, managed, monitored, and improved by organizational stakeholders.
Similar​
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
| 💼 GV.SC-01: A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders | | | | |
| 💼 GV.SC-02: Cybersecurity roles and responsibilities for suppliers, customers, and partners are established, communicated, and coordinated internally and externally | | | | |
| 💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes | | | 10 | |
| 💼 GV.SC-04: Suppliers are known and prioritized by criticality | | | 7 | |
| 💼 GV.SC-05: Requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties | | | | |
| 💼 GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships | | | | |
| 💼 GV.SC-07: The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship | | | 26 | |
| 💼 GV.SC-08: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities | | | 1 | |
| 💼 GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle | | | | |
| 💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement | | | | |