Skip to main content

💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement

  • ID: /frameworks/nist-csf-v2.0/gv-sc/10

Description

Ex1: Establish processes for terminating critical relationships under both normal and adverse circumstances Ex2: Define and implement plans for component end-of-life maintenance support and obsolescence Ex3: Verify that supplier access to organization resources is deactivated promptly when it is no longer needed Ex4: Verify that assets containing the organization's data are returned or properly disposed of in a timely, controlled, and safe manner Ex5: Develop and execute a plan for terminating or transitioning supplier relationships that takes supply chain security risk and resiliency into account Ex6: Mitigate risks to data and systems created by supplier termination Ex7: Manage data leakage risks associated with supplier termination

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/id-sc/01
    • /frameworks/nist-sp-800-53-r5/pm/31
    • /frameworks/nist-sp-800-53-r5/ra/03
    • /frameworks/nist-sp-800-53-r5/ra/05
    • /frameworks/nist-sp-800-53-r5/ra/07
    • /frameworks/nist-sp-800-53-r5/sa/04
    • /frameworks/nist-sp-800-53-r5/sa/09
    • /frameworks/nist-sp-800-53-r5/sr/02
    • /frameworks/nist-sp-800-53-r5/sr/03
    • /frameworks/nist-sp-800-53-r5/sr/05
    • /frameworks/nist-sp-800-53-r5/sr/06

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholdersno data
💼 NIST SP 800-53 Revision 5 → 💼 PM-31 Continuous Monitoring Strategyno data
💼 NIST SP 800-53 Revision 5 → 💼 RA-3 Risk Assessment41no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-5 Vulnerability Monitoring and Scanning111no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Responseno data
💼 NIST SP 800-53 Revision 5 → 💼 SA-4 Acquisition Process12no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-9 External System Services811no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan1no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes3no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-5 Acquisition Strategies, Tools, and Methods2no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-6 Supplier Assessments and Reviews1no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (1)

PolicyLogic CountFlagsCompliance
🛡️ AWS ECR Repository Manual Scanning is enabled🟢1🟢 x6no data