💼 GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
- ID:
/frameworks/nist-csf-v2.0/gv-sc/06
Description​
- Perform thorough due diligence on prospective suppliers that is consistent with procurement planning and commensurate with the level of risk, criticality, and complexity of each supplier relationship
- Assess the suitability of the technology and cybersecurity capabilities and the risk management practices of prospective suppliers
- Conduct supplier risk assessments against business and applicable cybersecurity requirements
- Assess the authenticity, integrity, and security of critical products prior to acquisition and use
Similar​
- Sections
/frameworks/nist-csf-v1.1/id-sc/01/frameworks/nist-sp-800-53-r5/sa/04/frameworks/nist-sp-800-53-r5/sa/09/frameworks/nist-sp-800-53-r5/sr/05/frameworks/nist-sp-800-53-r5/sr/06
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 SA-4 Acquisition Process | 12 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SA-9 External System Services | 8 | 1 | 1 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 SR-5 Acquisition Strategies, Tools, and Methods | 2 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SR-6 Supplier Assessments and Reviews | 1 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|