
💼 SR-6 Supplier Assessments and Reviews

  • ID: /frameworks/nist-sp-800-53-r5/sr/06

Description

Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide [Assignment: organization-defined frequency].

Similar

  • Internal
    • ID: dec-c-4516a0a7

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 FedRAMP High Security Controls → 💼 SR-6 Supplier Assessments and Reviews (M)(H) | no data
💼 NIST CSF v2.0 → 💼 GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered | 7 | no data
💼 NIST CSF v2.0 → 💼 GV.OV-01: Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction | 3 | no data
💼 NIST CSF v2.0 → 💼 GV.OV-02: The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks | no data
💼 NIST CSF v2.0 → 💼 GV.OV-03: Organizational cybersecurity risk management performance is evaluated and reviewed for adjustments needed | no data
💼 NIST CSF v2.0 → 💼 GV.SC-04: Suppliers are known and prioritized by criticality | 7 | no data
💼 NIST CSF v2.0 → 💼 GV.SC-05: Requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties | no data
💼 NIST CSF v2.0 → 💼 GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships | no data
💼 NIST CSF v2.0 → 💼 GV.SC-07: The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship | 26 | no data
💼 NIST CSF v2.0 → 💼 GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle | no data
💼 NIST CSF v2.0 → 💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement | 1 | no data
💼 NIST CSF v2.0 → 💼 ID.RA-09: The authenticity and integrity of hardware and software are assessed prior to acquisition and use | 4 | no data
💼 NIST CSF v2.0 → 💼 ID.RA-10: Critical suppliers are assessed prior to acquisition | 26 | no data

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 SR-6(1) Supplier Assessments and Reviews | Testing and Analysis | no data