Skip to main content

💼 SA-12 SUPPLY CHAIN PROTECTION

  • ID: /frameworks/nist-sp-800-53-r4/sa/12

Description​

The organization protects against supply chain threats to the information system, system component, or information system service by employing [Assignment: organization-defined security safeguards] as part of a comprehensive, defense-in-breadth information security strategy.

Similar​

  • Internal
    • ID: dec-c-de28a060

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 ID.BE-1: The organization's role in the supply chain is identified and communicatedno data
💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholdersno data
💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process77no data
💼 NIST CSF v1.1 → 💼 ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Planno data
💼 NIST CSF v1.1 → 💼 ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations1519no data
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented69no data

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 SA-12 (1) ACQUISITION STRATEGIES _ TOOLS _ METHODSno data
💼 SA-12 (2) SUPPLIER REVIEWSno data
💼 SA-12 (3) TRUSTED SHIPPING AND WAREHOUSINGno data
💼 SA-12 (4) DIVERSITY OF SUPPLIERSno data
💼 SA-12 (5) LIMITATION OF HARMno data
💼 SA-12 (6) MINIMIZING PROCUREMENT TIMEno data
💼 SA-12 (7) ASSESSMENTS PRIOR TO SELECTION _ ACCEPTANCE _ UPDATEno data
💼 SA-12 (8) USE OF ALL-SOURCE INTELLIGENCEno data
💼 SA-12 (9) OPERATIONS SECURITYno data
💼 SA-12 (10) VALIDATE AS GENUINE AND NOT ALTEREDno data
💼 SA-12 (11) PENETRATION TESTING _ ANALYSIS OF ELEMENTS, PROCESSES, AND ACTORSno data
💼 SA-12 (12) INTER-ORGANIZATIONAL AGREEMENTSno data
💼 SA-12 (13) CRITICAL INFORMATION SYSTEM COMPONENTSno data
💼 SA-12 (14) IDENTITY AND TRACEABILITYno data
💼 SA-12 (15) PROCESSES TO ADDRESS WEAKNESSES OR DEFICIENCIESno data