Skip to main content

💼 GV.SC-08: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities

  • ID: /frameworks/nist-csf-v2.0/gv-sc/08

Description

  1. Define and use rules and protocols for reporting incident response and recovery activities and the status between the organization and its suppliers
  2. Identify and document the roles and responsibilities of the organization and its suppliers for incident response
  3. Include critical suppliers in incident response exercises and simulations
  4. Define and coordinate crisis communication methods and protocols between the organization and its critical suppliers
  5. Conduct collaborative lessons learned sessions with critical suppliers

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/id-sc/05
    • /frameworks/nist-sp-800-53-r5/sa/04
    • /frameworks/nist-sp-800-53-r5/sa/09
    • /frameworks/nist-sp-800-53-r5/sr/02
    • /frameworks/nist-sp-800-53-r5/sr/03
    • /frameworks/nist-sp-800-53-r5/sr/08
    • /frameworks/nist-sp-800-53-r5/cp/01
    • /frameworks/nist-sp-800-53-r5/ir/01

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers11no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SA-4 Acquisition Process12no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-9 External System Services811no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan1no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes3no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-8 Notification Agreementsno data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (1)

PolicyLogic CountFlagsCompliance
🛡️ AWS S3 Bucket Versioning is not enabled🟢1🟢 x6no data