GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes
Ex1: Identify areas of alignment and overlap with cybersecurity and enterprise risk management
Ex2: Establish integrated control sets for cybersecurity risk management and cybersecurity supply chain risk management
Ex3: Integrate cybersecurity supply chain risk management into improvement processes
Ex4: Escalate material cybersecurity risks in supply chains to senior management, and address them at the enterprise risk management level
Tier
Description
Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes