GV.SC-10—Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
>Control Description
This cybersecurity supply chain risk management subcategory ensures that cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement. Key activities include: Establish processes for terminating critical relationships under both normal and adverse circumstances; Define and implement plans for component end-of-life maintenance support and obsolescence; Verify that supplier access to organization resources is deactivated promptly when it is no longer needed.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkPCI DSS v4.0.1
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
DSP-02
DSP-16
HRS-05
IAM-07
IPY-04
SEF-04
CIS Controls v8.0
15.7
CIS Controls v8.1
15.7
CRI Profile v2.0
EX.TR
EX.TR-01
EX.TR-02
EX.TR-01.01
EX.TR-01.02
EX.TR-01.03
EX.TR-02.01
CSF v1.1
ID.SC-1
CoP
A4
ISO/IEC 27001:2022
Mandatory Clause: 6.1.1
Mandatory Clause: 6.1.2
Mandatory Clause: 6.1.3
Annex A Controls: 5.19
Annex A Controls: 5.20
Annex A Controls: 5.21
Annex A Controls: 5.22
NICE Framework
OG-WRL-002
OG-WRL-009
OG-WRL-012
OG-WRL-015
OG-WRL-016
PCI DSS
12.8.2
12.8.5
12.8.3
8.2.5
9.3.1.1
12.3.4
6.4.3
12.10.1
+6 more
SCF
RSK-09
TPM-01
TPM-05.2
SP 800-171 Rev 3
03.11.01
03.11.02
03.11.04
03.14.08
03.16.03
03.17.01
03.17.02
03.17.03
SP 800-221A
GV.PO-1
SP 800-53 Rev 5.1.1
PM-31
RA-03
RA-05
RA-07
SA-04
SA-09
SR-02
SR-03
+2 more
SP 800-53 Rev 5.2.0
PM-31
RA-03
RA-05
RA-07
SA-04
SA-09
SR-02
SR-03
+2 more
SP-800-37 Rev 2
RMF Prepare Step (System Level): TASK P-15 Requirements Definition
RMF Monitor Step: TASK M-7 System Disposal
Ask AI
Configure your API key to use AI features.