Skip to main content

πŸ’Ό GV.SC-04: Suppliers are known and prioritized by criticality

Description​

  1. Develop criteria for supplier criticality based on, for example, the sensitivity of data processed or possessed by suppliers, the degree of access to the organization's systems, and the importance of the products or services to the organization's mission
  2. Keep a record of all suppliers, and prioritize suppliers based on the criticality criteria

Similar​

  • Sections
    • /frameworks/nist-csf-v1.1/id-sc/02
    • /frameworks/nist-sp-800-53-r5/ra/09
    • /frameworks/nist-sp-800-53-r5/sa/09
    • /frameworks/nist-sp-800-53-r5/sr/06

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process77
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό RA-9 Criticality Analysis
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SA-9 External System Services811
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SR-6 Supplier Assessments and Reviews1

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (7)​

PolicyLogic CountFlags
πŸ“ Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For App Services is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Containers is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Key Vault is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Servers is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Storage is not set to On 🟒1🟒 x6