|
GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes
|
http://cyfun.data.gift/data/nist_subcategory_GV_SC_03
|
5 |
|
GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes
|
http://cyfun.data.gift/data/subcategory_GV.SC-03
|
13 |
|
GV.SC-05.1: Requirements for addressing cybersecurity risks and the sharing of sensitive infor- mation in supply chains shall be established, prioritised, integrated into contracts and other types of formal agreements, and enforced.
|
http://cyfun.data.gift/data/requirement_GV_SC_05_1
|
19 |
|
GV.SC-05.2: Contractual information/cybersecurity requirements for suppliers and external part- ners shall be implemented to ensure a verifiable flaw resolution process and to ensure that deficiencies identified during information/cybersecurity testing and evaluation are remedied.
|
http://cyfun.data.gift/data/requirement_GV_SC_05_2
|
19 |
|
GV.SC-05.3: The organisation shall establish contractual requirements permitting the organisation to review the information/cybersecurity programs implemented by suppliers and third-party partners.
|
http://cyfun.data.gift/data/requirement_GV_SC_05_3
|
19 |
|
GV.SC-05: Requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties
|
http://cyfun.data.gift/data/nist_subcategory_GV_SC_05
|
5 |
|
GV.SC-05: Requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties
|
http://cyfun.data.gift/data/subcategory_GV.SC-05
|
19 |
|
GV.SC-06.1: Planning and due diligence shall be carried out to reduce risks before entering into formal relationships with suppliers or other third parties.
|
http://cyfun.data.gift/data/requirement_GV_SC_06_1
|
17 |
|
GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
|
http://cyfun.data.gift/data/nist_subcategory_GV_SC_06
|
5 |
|
GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
|
http://cyfun.data.gift/data/subcategory_GV.SC-06
|
13 |
|
GV.SC-07.1: The risks posed by a supplier, its products and services and other third parties shall be identified, documented, prioritised, mitigated and assessed at least annually and when changes occur during the relationship.
|
http://cyfun.data.gift/data/requirement_GV_SC_07_1
|
19 |
|
GV.SC-07.2: A documented list of all critical suppliers, vendors and partners of the organisation that may be involved in a major incident shall be established, kept up-to-date and made available online and off-line with due regard to confidentiality and security.
|
http://cyfun.data.gift/data/requirement_GV_SC_07_2
|
17 |