💼 GV.SC-04: Suppliers are known and prioritized by criticality

• ID: /frameworks/nist-csf-v2.0/gv-sc/04

Description

1. Develop criteria for supplier criticality based on, for example, the sensitivity of data processed or possessed by suppliers, the degree of access to the organization's systems, and the importance of the products or services to the organization's mission
2. Keep a record of all suppliers, and prioritize suppliers based on the criticality criteria

Similar

• Sections
  • /frameworks/nist-csf-v1.1/id-sc/02
  • /frameworks/nist-sp-800-53-r5/ra/09
  • /frameworks/nist-sp-800-53-r5/sa/09
  • /frameworks/nist-sp-800-53-r5/sr/06

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process		7	7		no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-9 Criticality Analysis					no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-9 External System Services	8	1	1		no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-6 Supplier Assessments and Reviews	1				no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (7)

Policy	Logic Count	Flags	Compliance
🛡️ Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For App Services is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Containers is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Key Vault is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Servers is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Storage is not set to On🟢	1	🟢 x6	no data