πΌ GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
- Contextual name: πΌ GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
- ID:
/frameworks/nist-csf-v2.0/gv-sc/06 - Located in: πΌ Cybersecurity Supply Chain Risk Management (GV.SC)
Descriptionβ
- Perform thorough due diligence on prospective suppliers that is consistent with procurement planning and commensurate with the level of risk, criticality, and complexity of each supplier relationship
- Assess the suitability of the technology and cybersecurity capabilities and the risk management practices of prospective suppliers
- Conduct supplier risk assessments against business and applicable cybersecurity requirements
- Assess the authenticity, integrity, and security of critical products prior to acquisition and use
Similarβ
- Sections
/frameworks/nist-csf-v1.1/id-sc/01/frameworks/nist-sp-800-53-r5/sa/04/frameworks/nist-sp-800-53-r5/sa/09/frameworks/nist-sp-800-53-r5/sr/05/frameworks/nist-sp-800-53-r5/sr/06
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ SA-4 Acquisition Process | 12 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ SA-9 External System Services | 8 | 1 | 1 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ SR-5 Acquisition Strategies, Tools, and Methods | 2 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ SR-6 Supplier Assessments and Reviews | 1 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|