πΌ GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
- Contextual name: πΌ GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
- ID:
/frameworks/nist-csf-v2.0/gv-sc/10
- Located in: πΌ Cybersecurity Supply Chain Risk Management (GV.SC)
Descriptionβ
Ex1: Establish processes for terminating critical relationships under both normal and
adverse circumstances
Ex2: Define and implement plans for component end-of-life maintenance support and obsolescence
Ex3: Verify that supplier access to organization resources is deactivated promptly
when it is no longer needed
Ex4: Verify that assets containing the organization's data are returned or properly
disposed of in a timely, controlled, and safe manner
Ex5: Develop and execute a plan for terminating or transitioning supplier relationships
that takes supply chain security risk and resiliency into account
Ex6: Mitigate risks to data and systems created by supplier termination
Ex7: Manage data leakage risks associated with supplier termination
Similarβ
- Sections
/frameworks/nist-csf-v1.1/id-sc/01/frameworks/nist-sp-800-53-r5/pm/31/frameworks/nist-sp-800-53-r5/ra/03/frameworks/nist-sp-800-53-r5/ra/05/frameworks/nist-sp-800-53-r5/ra/07/frameworks/nist-sp-800-53-r5/sa/04/frameworks/nist-sp-800-53-r5/sa/09/frameworks/nist-sp-800-53-r5/sr/02/frameworks/nist-sp-800-53-r5/sr/03/frameworks/nist-sp-800-53-r5/sr/05/frameworks/nist-sp-800-53-r5/sr/06
Similar Sections (Take Policies From)β
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|