
CA-1 Policy And Procedures

Control Description

Integrate the development and implementation of assessment and authorization policies and procedures for supply chain cybersecurity into the control assessment and authorization policy and related C-SCRM Strategy/Implementation Plan(s), policies, and system-level plans. To address cybersecurity risks throughout the supply chain, enterprises should develop a C-SCRM policy (or, if required, integrate into existing policies) to direct C-SCRM activities for control assessment and authorization. The C-SCRM policy should define C-SCRM roles and responsibilities within the enterprise for conducting control assessment and authorization, any dependencies among those roles, and the interaction among the roles. Enterprise-wide security and privacy risks should be assessed on an ongoing basis and include supply chain risk assessment results.
