💼 GV.SC-08: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities

Contextual name: 💼 GV.SC-08: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities
ID: /frameworks/nist-csf-v2.0/gv-sc/08
Located in: 💼 Cybersecurity Supply Chain Risk Management (GV.SC)

Description

Define and use rules and protocols for reporting incident response and recovery activities and the status between the organization and its suppliers
Identify and document the roles and responsibilities of the organization and its suppliers for incident response
Include critical suppliers in incident response exercises and simulations
Define and coordinate crisis communication methods and protocols between the organization and its critical suppliers
Conduct collaborative lessons learned sessions with critical suppliers

Section	Sub Sections	Internal Rules	Policies
💼 NIST CSF v1.1 → 💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers		1	1
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SA-4 Acquisition Process	12
💼 NIST SP 800-53 Revision 5 → 💼 SA-9 External System Services	8	1	1
💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan	1
💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes	3
💼 NIST SP 800-53 Revision 5 → 💼 SR-8 Notification Agreements

Section	Sub Sections	Internal Rules	Policies	Flags

Policy	Logic Count	Flags
📝 AWS S3 Bucket Versioning is not enabled 🟢	1	🟢 x6