Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
GV.SC-09.1: Supply chain security practices shall be integrated into information/cybersecurity and enterprise risk management programs, and their performance shall be monitored throughout the product and service life cycle. |
|
GV.SC-09.1 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p41 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that supply chain security practices are embedded into the organisation’s information security, cybersecurity, and enterprise risk management programs, with performance monitored and improved throughout the lifecycle of products and services. To achieve this goal: - Align with Related Controls: This control builds on GV.SC-05.2 by ensuring that contractual information and cybersecurity requirements, such as flaw resolution and remediation of identified deficiencies, are actively managed within broader risk programs. - Establish Governance Foundations: Supply chain security policies should be documented, covering both information and cybersecurity expectations for suppliers and third parties. - Integrate into Risk Frameworks: Supply chain risks should be embedded in enterprise and information security risk management frameworks, including OT-specific risks and dependencies. - Formalise Security Expectations: Contracts and SLAs should include clear clauses on information and cybersecurity, audit rights, and performance metrics. - Monitor and Evaluate Performance: Risk assessments, audit reports, and incident records should be reviewed regularly to assess supplier posture and identify areas for improvement. - Enable Continuous Monitoring: Monitoring tools and KPIs should be used to track supplier security performance across the lifecycle, including incident response times and conformance rates. - Support Awareness and Training: Training and awareness programs should address supply chain-related information and cybersecurity risks for both internal teams and suppliers. - Ensure Lifecycle Coverage: Documentation should demonstrate that supply chain security is considered from procurement through to decommissioning, especially for OT systems and components. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
GV.SC-09.1 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Supply chain security monitoring |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Supply chain security practices shall be integrated into information/cybersecurity and enterprise risk management programs, and their performance shall be monitored throughout the product and service life cycle. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
17 |
|
Specifies the dataset the subject is part of. |
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |