Suppliers and third party partners of information systems, components and services are identified, prioritized and assessed using a cyber supply chain risk assessment process
|
|
| stereotype | ControlObjective |
| namespace | NIST_CSF |
| status | MANDATORY |
| refCode | ID.SC-2 |
| cobit | APO10.01, APO10.02, APO10.04, APO10.05, APO12.01, APO12.02, APO12.03, APO12.04, APO12.05, APO12.06, APO13.02, BAI02.03 |
| isa62443-2009 | 4.2.3.1, 4.2.3.2, 4.2.3.3, 4.2.3.4, 4.2.3.6, 4.2.3.8, 4.2.3.9, 4.2.3.10, 4.2.3.12, 4.2.3.13, 4.2.3.14 |
| iso27001 | A.15.2.1, A.15.2.2 |
| nist-sp800-53 | RA-2, RA-3, SA-12, SA-14, SA-15, PM-9 |