💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes

ID: /frameworks/nist-csf-v2.0/gv-sc/03

Description

Identify areas of alignment and overlap with cybersecurity and enterprise risk management
Establish integrated control sets for cybersecurity risk management and cybersecurity supply chain risk management
Integrate cybersecurity supply chain risk management into improvement processes
Escalate material cybersecurity risks in supply chains to senior management, and address them at the enterprise risk management level

Similar

Sections
- /frameworks/nist-csf-v1.1/id-sc/02
- /frameworks/nist-sp-800-53-r5/ac/01
- /frameworks/nist-sp-800-53-r5/at/01
- /frameworks/nist-sp-800-53-r5/au/01
- /frameworks/nist-sp-800-53-r5/ca/01
- /frameworks/nist-sp-800-53-r5/cm/01
- /frameworks/nist-sp-800-53-r5/cp/01
- /frameworks/nist-sp-800-53-r5/ia/01
- /frameworks/nist-sp-800-53-r5/ir/01
- /frameworks/nist-sp-800-53-r5/ma/01
- /frameworks/nist-sp-800-53-r5/mp/01
- /frameworks/nist-sp-800-53-r5/pe/01
- /frameworks/nist-sp-800-53-r5/pl/01
- /frameworks/nist-sp-800-53-r5/pm/01
- /frameworks/nist-sp-800-53-r5/ps/01
- /frameworks/nist-sp-800-53-r5/pt/01
- /frameworks/nist-sp-800-53-r5/ra/01
- /frameworks/nist-sp-800-53-r5/sa/01
- /frameworks/nist-sp-800-53-r5/sc/01
- /frameworks/nist-sp-800-53-r5/si/01
- /frameworks/nist-sp-800-53-r5/sr/01
- /frameworks/nist-sp-800-53-r5/pm/09
- /frameworks/nist-sp-800-53-r5/pm/18
- /frameworks/nist-sp-800-53-r5/pm/30
- /frameworks/nist-sp-800-53-r5/pm/31
- /frameworks/nist-sp-800-53-r5/sr/02
- /frameworks/nist-sp-800-53-r5/sr/03
- /frameworks/nist-sp-800-53-r5/ra/03
- /frameworks/nist-sp-800-53-r5/ra/07

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Compliance
💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process		7	7	no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures			3	no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Plan				no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-9 Risk Management Strategy				no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-18 Privacy Program Plan				no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy	1			no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-31 Continuous Monitoring Strategy				no data
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-3 Risk Assessment	4		1	no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Response				no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan	1			no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes	3			no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (10)

Policy	Logic Count	Flags	Compliance
🛡️ Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For App Services is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Containers is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Key Vault is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Servers is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Storage is not set to On🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢	1	🟢 x6	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Sub Sections​

Policies (10)​

Description

Similar

Similar Sections (Take Policies From)

Sub Sections

Policies (10)