💼 GV.SC-01: A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders

Contextual name: 💼 GV.SC-01: A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders
ID: /frameworks/nist-csf-v2.0/gv-sc/01
Located in: 💼 Cybersecurity Supply Chain Risk Management (GV.SC)

Description

Establish a strategy that expresses the objectives of the cybersecurity supply chain risk management program
Develop the cybersecurity supply chain risk management program, including a plan (with milestones), policies, and procedures that guide implementation and improvement of the program, and share the policies and procedures with the organizational stakeholders
Develop and implement program processes based on the strategy, objectives, policies, and procedures that are agreed upon and performed by the organizational stakeholders
Establish a cross-organizational mechanism that ensures alignment between functions that contribute to cybersecurity supply chain risk management, such as cybersecurity, IT, operations, legal, human resources, and engineering

Sections
- /frameworks/nist-csf-v1.1/id-sc/01
- /frameworks/nist-sp-800-53-r5/pm/30
- /frameworks/nist-sp-800-53-r5/sr/02
- /frameworks/nist-sp-800-53-r5/sr/03

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy	1
💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan	1
💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes	3

Section	Sub Sections	Internal Rules	Policies	Flags