SAMMY UI is optimized for resolutions with a width 1024px and higher.
NIST CSF 2.0
Browse NIST CSF 2.0
GV.SC-01: Supply Chain Risk Management Program
GV.SC-02: Third Party Roles and Responsibilities
GV.SC-03: Supply Chain Risk Management Integration
GV.SC-04: Supplier Identification and Prioritization
GV.SC-05: Supplier Cybersecurity Risk Requirements
GV.SC-06: Third Party Due Diligence
GV.SC-07: Third Party Risk Assessment
GV.SC-08: Third Party Incident Management Integration
GV.SC-09: Supply Chain Security Practice Integration
GV.SC-10: Post-Agreement Activities Planning
Supply Chain Security Practice Integration
GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle
  • Ex1:  Policies and procedures require provenance records for all acquired technology products and services
  • Ex2:  Periodically provide risk reporting to leaders about how acquired components are proven to be untampered and authentic
  • Ex3:  Communicate regularly among cybersecurity risk managers and operations personnel about the need to acquire software patches, updates, and upgrades only from authenticated and trustworthy software providers
  • Ex4:  Review policies to ensure that they require approved supplier personnel to perform maintenance on supplier products
  • Ex5:  Policies and procedure require checking upgrades to critical hardware for unauthorized changes
Description

Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle