>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

GV.SC-01A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders

>Control Description

This cybersecurity supply chain risk management subcategory ensures that a cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders. Key activities include: Establish a strategy that expresses the objectives of the cybersecurity supply chain risk management program; Develop the cybersecurity supply chain risk management program, including a plan (with milestones), policies, and procedures that guide implementat...; Develop and implement program processes based on the strategy, objectives, policies, and procedures that are agreed upon and performed by the organ....

>Cross-Framework Mappings

NIST SP 800-53 r5

via NIST CSF 2.0 Concept Crosswalk
PM-30
Compare
SR-02
Compare
SR-03
Compare

PCI DSS v4.0.1

via NIST OLIR Catalog
1.2.3
Compare
1.2.4
Compare
11.6.1
Compare
12.1.4
Compare
12.8.1
Compare
12.8.3
Compare
12.8.4
Compare
12.8.5
Compare
12.9.1
Compare
12.9.2
Compare
6.3.1
Compare
6.3.2
Compare
6.4.3
Compare

ISO 27001:2022

via NIST OLIR Catalog
5.1
Compare
5.19
Compare
5.20
Compare
5.21
Compare
5.22
Compare

CIS Controls v8

15.2
Compare

SCF

GOV-01
Compare
GOV-01.1
Compare
GOV-02
Compare
RSK-01
Compare
RSK-09
Compare

>Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CCMv4.0

STA-01
STA-06
STA-08

CIS Controls v8.0

15.2

CIS Controls v8.1

15.2

CRI Profile v2.0

GV.SC-01
GV.SC-01.01
GV.SC-01.02

CSF v1.1

ID.SC-1

CoP

A4

ISO/IEC 27001:2022

Mandatory Clause: 8.1
Annex A Controls: 5.1
Annex A Controls: 5.19
Annex A Controls: 5.20
Annex A Controls: 5.21
Annex A Controls: 5.22

NICE Framework

OG-WRL-002
OG-WRL-006
OG-WRL-009
OG-WRL-012
OG-WRL-015
OG-WRL-016

PCI DSS

12.8.1
12.8.3
12.8.4
12.8.5
12.9.1
12.9.2
12.1.4
1.2.3
+5 more

SCF

GOV-01
GOV-02
RSK-01
RSK-09

SP 800-171 Rev 3

03.17.01
03.17.03

SP 800-221A

GV.PO-1

SP 800-53 Rev 5.1.1

PM-30
SR-02
SR-03

SP 800-53 Rev 5.2.0

PM-30
SR-02
SR-03

SP-800-37 Rev 2

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-1 Risk Management Roles
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
RMF Prepare Step (System Level): TASK P-9 System Stakeholders

Ask AI

Configure your API key to use AI features.