|
GV.SC-07.3: The organisation shall audit business-critical third-party service providers for secu- rity compliance.
|
http://cyfun.data.gift/data/requirement_GV_SC_07_3
|
17 |
|
GV.SC-07.4: The organisation shall ensure conformity with information/cybersecurity contractual obligations by suppliers and third-party partners through regular reviews of independ- ent audits, assessments, and third-party evaluations.
|
http://cyfun.data.gift/data/requirement_GV_SC_07_4
|
17 |
|
GV.SC-07: The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship
|
http://cyfun.data.gift/data/nist_subcategory_GV_SC_07
|
5 |
|
GV.SC-07: The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship
|
http://cyfun.data.gift/data/subcategory_GV.SC-07
|
21 |
|
GV.SC-08.1: The organisation shall identify and document key personnel from relevant suppliers and other third parties to include them in incident planning, response, and recovery activities.
|
http://cyfun.data.gift/data/requirement_GV_SC_08_1
|
19 |
|
GV.SC-08: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities
|
http://cyfun.data.gift/data/nist_subcategory_GV_SC_08
|
5 |
|
GV.SC-08: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities
|
http://cyfun.data.gift/data/subcategory_GV.SC-08
|
15 |
|
GV.SC-09.1: Supply chain security practices shall be integrated into information/cybersecurity and enterprise risk management programs, and their performance shall be monitored throughout the product and service life cycle.
|
http://cyfun.data.gift/data/requirement_GV_SC_09_1
|
17 |
|
GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle
|
http://cyfun.data.gift/data/nist_subcategory_GV_SC_09
|
5 |
|
GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle
|
http://cyfun.data.gift/data/subcategory_GV.SC-09
|
13 |
|
GV.SC-10.1: Cybersecurity supply chain risk management plans shall include actions and respon- sibilities for managing risks that may arise after a supplier relationship or service agreement has ended.
|
http://cyfun.data.gift/data/requirement_GV_SC_10_1
|
17 |
|
GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
|
http://cyfun.data.gift/data/nist_subcategory_GV_SC_10
|
5 |