The organization’s role in the supply chain is identified and communicated from Cybersecurity Fundamentals framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations)

Maturity Level 2

Maturity Level 3

ID.BE-1.1

ID.BE-1.1: The organization’s role in the supply chain shall be identified, documented, and communicated.

The organisation should be able to clearly identify who is upstream and downstream of the organisation and which suppliers provide services, capabilities, products and items to the organisation.
The organisation should communicate its position to its upstream and downstream so that it is understood where they sit in terms of critical importance to the organisation's operations.

Description

The organization’s role in the supply chain shall be identified, documented, and communicated.

ID.BE-1.2

ID.BE-1.2: The organization shall protect its ICT/OT environment from supply chain threats by applying security safeguards as part of a documented comprehensive security strategy.

Description

The organization shall protect its ICT/OT environment from supply chain threats by applying security safeguards as part of a documented comprehensive security strategy.