Skip to main content

💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes

  • Contextual name: 💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes
  • ID: /frameworks/nist-csf-v2.0/gv-sc/03
  • Located in: 💼 Cybersecurity Supply Chain Risk Management (GV.SC)

Description

  1. Identify areas of alignment and overlap with cybersecurity and enterprise risk management
  2. Establish integrated control sets for cybersecurity risk management and cybersecurity supply chain risk management
  3. Integrate cybersecurity supply chain risk management into improvement processes
  4. Escalate material cybersecurity risks in supply chains to senior management, and address them at the enterprise risk management level

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/id-sc/02
    • /frameworks/nist-sp-800-53-r5/ac/01
    • /frameworks/nist-sp-800-53-r5/at/01
    • /frameworks/nist-sp-800-53-r5/au/01
    • /frameworks/nist-sp-800-53-r5/ca/01
    • /frameworks/nist-sp-800-53-r5/cm/01
    • /frameworks/nist-sp-800-53-r5/cp/01
    • /frameworks/nist-sp-800-53-r5/ia/01
    • /frameworks/nist-sp-800-53-r5/ir/01
    • /frameworks/nist-sp-800-53-r5/ma/01
    • /frameworks/nist-sp-800-53-r5/mp/01
    • /frameworks/nist-sp-800-53-r5/pe/01
    • /frameworks/nist-sp-800-53-r5/pl/01
    • /frameworks/nist-sp-800-53-r5/pm/01
    • /frameworks/nist-sp-800-53-r5/ps/01
    • /frameworks/nist-sp-800-53-r5/pt/01
    • /frameworks/nist-sp-800-53-r5/ra/01
    • /frameworks/nist-sp-800-53-r5/sa/01
    • /frameworks/nist-sp-800-53-r5/sc/01
    • /frameworks/nist-sp-800-53-r5/si/01
    • /frameworks/nist-sp-800-53-r5/sr/01
    • /frameworks/nist-sp-800-53-r5/pm/09
    • /frameworks/nist-sp-800-53-r5/pm/18
    • /frameworks/nist-sp-800-53-r5/pm/30
    • /frameworks/nist-sp-800-53-r5/pm/31
    • /frameworks/nist-sp-800-53-r5/sr/02
    • /frameworks/nist-sp-800-53-r5/sr/03
    • /frameworks/nist-sp-800-53-r5/ra/03
    • /frameworks/nist-sp-800-53-r5/ra/07

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process77
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures3
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Plan
💼 NIST SP 800-53 Revision 5 → 💼 PM-9 Risk Management Strategy
💼 NIST SP 800-53 Revision 5 → 💼 PM-18 Privacy Program Plan
💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy1
💼 NIST SP 800-53 Revision 5 → 💼 PM-31 Continuous Monitoring Strategy
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-3 Risk Assessment4
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Response
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan1
💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes3

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags

Policies (10)

PolicyLogic CountFlags
📝 Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For App Services is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For Containers is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For Key Vault is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For Servers is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For Storage is not set to On 🟢1🟢 x6
📝 Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟢1🟢 x6
📝 Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟢1🟢 x6
📝 Google Cloud SQL Server Instance user options Database Flag is configured 🟢1🟢 x6