Skip to main content

πŸ’Ό SR-8 Notification Agreements

Description​

Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the [Selection (one or more): notification of supply chain compromises; results of assessments or audits; [Assignment: organization-defined information]].

Similar​

  • Internal
    • ID: dec-c-032b0601

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SR-8 Notification Agreements (L)(M)(H)
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό SR-8 Notification Agreements (L)(M)(H)
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered7
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.SC-08: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities1
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό RC.CO-03: Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό RS.CO-02: Internal and external stakeholders are notified of incidents30
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό RS.CO-03: Information is shared with designated internal and external stakeholders17
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό RS.MA-01: The incident response plan is executed in coordination with relevant third parties once an incident is declared

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags