💼 GV.SC-01: A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders
- Contextual name: 💼 GV.SC-01: A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders
- ID:
/frameworks/nist-csf-v2.0/gv-sc/01 - Located in: 💼 Cybersecurity Supply Chain Risk Management (GV.SC)
Description​
- Establish a strategy that expresses the objectives of the cybersecurity supply chain risk management program
- Develop the cybersecurity supply chain risk management program, including a plan (with milestones), policies, and procedures that guide implementation and improvement of the program, and share the policies and procedures with the organizational stakeholders
- Develop and implement program processes based on the strategy, objectives, policies, and procedures that are agreed upon and performed by the organizational stakeholders
- Establish a cross-organizational mechanism that ensures alignment between functions that contribute to cybersecurity supply chain risk management, such as cybersecurity, IT, operations, legal, human resources, and engineering
Similar​
- Sections
/frameworks/nist-csf-v1.1/id-sc/01/frameworks/nist-sp-800-53-r5/pm/30/frameworks/nist-sp-800-53-r5/sr/02/frameworks/nist-sp-800-53-r5/sr/03
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy | 1 | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan | 1 | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes | 3 |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|