💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes

  • Contextual name: 💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes
  • ID: /frameworks/nist-csf-v2.0/gv-sc/03
  • Located in: 💼 Cybersecurity Supply Chain Risk Management (GV.SC)

Description

  1. Identify areas of alignment and overlap with cybersecurity and enterprise risk management
  2. Establish integrated control sets for cybersecurity risk management and cybersecurity supply chain risk management
  3. Integrate cybersecurity supply chain risk management into improvement processes
  4. Escalate material cybersecurity risks in supply chains to senior management, and address them at the enterprise risk management level

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/id-sc/02
    • /frameworks/nist-sp-800-53-r5/ac/01
    • /frameworks/nist-sp-800-53-r5/at/01
    • /frameworks/nist-sp-800-53-r5/au/01
    • /frameworks/nist-sp-800-53-r5/ca/01
    • /frameworks/nist-sp-800-53-r5/cm/01
    • /frameworks/nist-sp-800-53-r5/cp/01
    • /frameworks/nist-sp-800-53-r5/ia/01
    • /frameworks/nist-sp-800-53-r5/ir/01
    • /frameworks/nist-sp-800-53-r5/ma/01
    • /frameworks/nist-sp-800-53-r5/mp/01
    • /frameworks/nist-sp-800-53-r5/pe/01
    • /frameworks/nist-sp-800-53-r5/pl/01
    • /frameworks/nist-sp-800-53-r5/pm/01
    • /frameworks/nist-sp-800-53-r5/ps/01
    • /frameworks/nist-sp-800-53-r5/pt/01
    • /frameworks/nist-sp-800-53-r5/ra/01
    • /frameworks/nist-sp-800-53-r5/sa/01
    • /frameworks/nist-sp-800-53-r5/sc/01
    • /frameworks/nist-sp-800-53-r5/si/01
    • /frameworks/nist-sp-800-53-r5/sr/01
    • /frameworks/nist-sp-800-53-r5/pm/09
    • /frameworks/nist-sp-800-53-r5/pm/18
    • /frameworks/nist-sp-800-53-r5/pm/30
    • /frameworks/nist-sp-800-53-r5/pm/31
    • /frameworks/nist-sp-800-53-r5/sr/02
    • /frameworks/nist-sp-800-53-r5/sr/03
    • /frameworks/nist-sp-800-53-r5/ra/03
    • /frameworks/nist-sp-800-53-r5/ra/07

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process | 77
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Plan
💼 NIST SP 800-53 Revision 5 → 💼 PM-9 Risk Management Strategy
💼 NIST SP 800-53 Revision 5 → 💼 PM-18 Privacy Program Plan
💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy | 1
💼 NIST SP 800-53 Revision 5 → 💼 PM-31 Continuous Monitoring Strategy
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-3 Risk Assessment | 4
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Response
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan | 1
💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes | 3

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags

Policies (7)

Policy | Logic Count | Flags
📝 Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On 🟢 | 1 | 🟢 x6
📝 Azure Subscription Microsoft Defender For App Services is not set to On 🟢 | 1 | 🟢 x6
📝 Azure Subscription Microsoft Defender For Containers is not set to On 🟢 | 1 | 🟢 x6
📝 Azure Subscription Microsoft Defender For Key Vault is not set to On 🟢 | 1 | 🟢 x6
📝 Azure Subscription Microsoft Defender For Servers is not set to On 🟢 | 1 | 🟢 x6
📝 Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On 🟢 | 1 | 🟢 x6
📝 Azure Subscription Microsoft Defender For Storage is not set to On 🟢 | 1 | 🟢 x6