SA-12 SUPPLY CHAIN PROTECTION
Description
The organization protects against supply chain threats to the information system, system component, or information system service by employing [Assignment: organization-defined security safeguards] as part of a comprehensive, defense-in-breadth information security strategy.
Similar
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
NIST CSF v1.1 → ID.BE-1: The organization's role in the supply chain is identified and communicated | | | | |
NIST CSF v1.1 → ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | | | | |
NIST CSF v1.1 → ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process | | 7 | 7 | |
NIST CSF v1.1 → ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Plan | | | | |
NIST CSF v1.1 → ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations | | 16 | 19 | |
NIST CSF v1.1 → PR.IP-2: A System Development Life Cycle to manage systems is implemented | | 6 | 6 | |
Sub Sections