⭐ Repository → 💼 NIST SP 800-53 Revision 4 → 💼 SA SYSTEM AND SERVICES ACQUISITION

💼 SA-12 SUPPLY CHAIN PROTECTION

• ID: /frameworks/nist-sp-800-53-r4/sa/12

Description

The organization protects against supply chain threats to the information system, system component, or information system service by employing [Assignment: organization-defined security safeguards] as part of a comprehensive, defense-in-breadth information security strategy.

Similar

• Internal
  • ID: dec-c-de28a060

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v1.1 → 💼 ID.BE-1: The organization's role in the supply chain is identified and communicated					no data
💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders					no data
💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process		7	7		no data
💼 NIST CSF v1.1 → 💼 ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Plan					no data
💼 NIST CSF v1.1 → 💼 ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations		15	19		no data
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented		6	9		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 SA-12 (1) ACQUISITION STRATEGIES _ TOOLS _ METHODS					no data
💼 SA-12 (2) SUPPLIER REVIEWS					no data
💼 SA-12 (3) TRUSTED SHIPPING AND WAREHOUSING					no data
💼 SA-12 (4) DIVERSITY OF SUPPLIERS					no data
💼 SA-12 (5) LIMITATION OF HARM					no data
💼 SA-12 (6) MINIMIZING PROCUREMENT TIME					no data
💼 SA-12 (7) ASSESSMENTS PRIOR TO SELECTION _ ACCEPTANCE _ UPDATE					no data
💼 SA-12 (8) USE OF ALL-SOURCE INTELLIGENCE					no data
💼 SA-12 (9) OPERATIONS SECURITY					no data
💼 SA-12 (10) VALIDATE AS GENUINE AND NOT ALTERED					no data
💼 SA-12 (11) PENETRATION TESTING _ ANALYSIS OF ELEMENTS, PROCESSES, AND ACTORS					no data
💼 SA-12 (12) INTER-ORGANIZATIONAL AGREEMENTS					no data
💼 SA-12 (13) CRITICAL INFORMATION SYSTEM COMPONENTS					no data
💼 SA-12 (14) IDENTITY AND TRACEABILITY					no data
💼 SA-12 (15) PROCESSES TO ADDRESS WEAKNESSES OR DEFICIENCIES					no data