💼 GV.SC-02: Cybersecurity roles and responsibilities for suppliers, customers, and partners are established, communicated, and coordinated internally and externally
- ID:
/frameworks/nist-csf-v2.0/gv-sc/02
Description​
- Identify one or more specific roles or positions that will be responsible and accountable for planning, resourcing, and executing cybersecurity supply chain risk management activities
- Document cybersecurity supply chain risk management roles and responsibilities in policy
- Create responsibility matrixes to document who will be responsible and accountable for cybersecurity supply chain risk management activities and how those teams and individuals will be consulted and informed
- Include cybersecurity supply chain risk management responsibilities and performance requirements in personnel descriptions to ensure clarity and improve accountability
- Document performance goals for personnel with cybersecurity risk management-specific responsibilities, and periodically measure them to demonstrate and improve performance
- Develop roles and responsibilities for suppliers, customers, and business partners to address shared responsibilities for applicable cybersecurity risks, and integrate them into organizational policies and applicable third-party agreements
- Internally communicate cybersecurity supply chain risk management roles and responsibilities for third parties
- Establish rules and protocols for information sharing and reporting processes between the organization and its suppliers
Similar​
- Sections
/frameworks/nist-csf-v1.1/id-sc/01/frameworks/nist-sp-800-53-r5/pm/30/frameworks/nist-sp-800-53-r5/sr/02/frameworks/nist-sp-800-53-r5/sr/03
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy | 1 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan | 1 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes | 3 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|