πΌ GV.SC-02: Cybersecurity roles and responsibilities for suppliers, customers, and partners are established, communicated, and coordinated internally and externally
- Contextual name: πΌ GV.SC-02: Cybersecurity roles and responsibilities for suppliers, customers, and partners are established, communicated, and coordinated internally and externally
- ID:
/frameworks/nist-csf-v2.0/gv-sc/02 - Located in: πΌ Cybersecurity Supply Chain Risk Management (GV.SC)
Descriptionβ
- Identify one or more specific roles or positions that will be responsible and accountable for planning, resourcing, and executing cybersecurity supply chain risk management activities
- Document cybersecurity supply chain risk management roles and responsibilities in policy
- Create responsibility matrixes to document who will be responsible and accountable for cybersecurity supply chain risk management activities and how those teams and individuals will be consulted and informed
- Include cybersecurity supply chain risk management responsibilities and performance requirements in personnel descriptions to ensure clarity and improve accountability
- Document performance goals for personnel with cybersecurity risk management-specific responsibilities, and periodically measure them to demonstrate and improve performance
- Develop roles and responsibilities for suppliers, customers, and business partners to address shared responsibilities for applicable cybersecurity risks, and integrate them into organizational policies and applicable third-party agreements
- Internally communicate cybersecurity supply chain risk management roles and responsibilities for third parties
- Establish rules and protocols for information sharing and reporting processes between the organization and its suppliers
Similarβ
- Sections
/frameworks/nist-csf-v1.1/id-sc/01/frameworks/nist-sp-800-53-r5/pm/30/frameworks/nist-sp-800-53-r5/sr/02/frameworks/nist-sp-800-53-r5/sr/03
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-30 Supply Chain Risk Management Strategy | 1 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ SR-2 Supply Chain Risk Management Plan | 1 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ SR-3 Supply Chain Controls and Processes | 3 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|