Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
GV.SC-05.2: Contractual information/cybersecurity requirements for suppliers and external part- ners shall be implemented to ensure a verifiable flaw resolution process and to ensure that deficiencies identified during information/cybersecurity testing and evaluation are remedied. |
|
GV.SC-05.2 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p36 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
<div><p>The goal of this control, which is related to GV.SC-09.1, is to embed enforceable requirements in supplier con- tracts to guarantee timely flaw remediation and resolution of cybersecurity issues identified through testing and evaluation. To achieve this goal, the following should be considered:</p><ul><li>Information systems containing software (or firmware) affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) should be identified.</li><li>Newlyreleased securityrelevantpatches, servicepacks, andhotfixesshouldbeinstalled, andthese patches, service packs, and hot fixes are tested for effectiveness and potential side effects on the organisation’s infor- mation systems before installation. Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling are also addressed expeditiously. Flaw remediation should be incorporated into configuration management as an emergency change.</li><li>Consider to contractually require suppliers to disclose information/cybersecurity features, functions, and vulnerabilities of their products and services for the life of the product or the term of service.</li><li>Considertocontractuallyrequiresupplierstoprovideandmaintainacurrentcomponentinventory(e.g.soft- ware or hardware bill of materials) for critical products.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control, which is related to GV.SC-09.1, is to embed enforceable requirements in supplier con- tracts to guarantee timely flaw remediation and resolution of cybersecurity issues identified through testing and evaluation. To achieve this goal, the following should be considered: - Information systems containing software (or firmware) affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) should be identified. - Newlyreleased securityrelevantpatches, servicepacks, andhotfixesshouldbeinstalled, andthese patches, service packs, and hot fixes are tested for effectiveness and potential side effects on the organisation’s infor- mation systems before installation. Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling are also addressed expeditiously. Flaw remediation should be incorporated into configuration management as an emergency change. - Consider to contractually require suppliers to disclose information/cybersecurity features, functions, and vulnerabilities of their products and services for the life of the product or the term of service. - Considertocontractuallyrequiresupplierstoprovideandmaintainacurrentcomponentinventory(e.g.soft- ware or hardware bill of materials) for critical products. |
|
A general note, for any purpose. |
The goal of this control, which is related to GV.SC-09.1, is to embed enforceable requirements in supplier con- tracts to guarantee timely flaw remediation and resolution of cybersecurity issues identified through testing and evaluation. To achieve this goal, the following should be considered: • Information systems containing software (or firmware) affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) should be identified. • Newlyreleased securityrelevantpatches, servicepacks, andhotfixesshouldbeinstalled, andthese patches, service packs, and hot fixes are tested for effectiveness and potential side effects on the organisation’s infor- mation systems before installation. Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling are also addressed expeditiously. Flaw remediation should be incorporated into configuration management as an emergency change. • Consider to contractually require suppliers to disclose information/cybersecurity features, functions, and vulnerabilities of their products and services for the life of the product or the term of service. • Considertocontractuallyrequiresupplierstoprovideandmaintainacurrentcomponentinventory(e.g.soft- ware or hardware bill of materials) for critical products. |
|
A general note, for any purpose. |
The goal of this control, which is related to GV.SC-09.1, is to embed enforceable requirements in supplier con- tracts to guarantee timely flaw remediation and resolution of cybersecurity issues identified through testing and evaluation. To achieve this goal, the following should be considered: - Information systems containing software (or firmware) affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) should be identified. - Newlyreleased securityrelevantpatches, servicepacks, andhotfixesshouldbeinstalled, andthese patches, service packs, and hot fixes are tested for effectiveness and potential side effects on the organisation’s infor- mation systems before installation. Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling are also addressed expeditiously. Flaw remediation should be incorporated into configuration management as an emergency change. - Consider to contractually require suppliers to disclose information/cybersecurity features, functions, and vulnerabilities of their products and services for the life of the product or the term of service. - Considertocontractuallyrequiresupplierstoprovideandmaintainacurrentcomponentinventory(e.g.soft- ware or hardware bill of materials) for critical products. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
GV.SC-05.2 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Supplier flaw resolution requirements |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Contractual information/cybersecurity requirements for suppliers and external part- ners shall be implemented to ensure a verifiable flaw resolution process and to ensure that deficiencies identified during information/cybersecurity testing and evaluation are remedied. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
1 |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1