GV.SC-02—Cybersecurity roles and responsibilities for suppliers, customers, and partners are established, communicated, and coordinated internally and externally
Control Description
This cybersecurity supply chain risk management subcategory ensures that cybersecurity roles and responsibilities for suppliers, customers, and partners are established, communicated, and coordinated internally and externally. Key activities include: Identify one or more specific roles or positions that will be responsible and accountable for planning, resourcing, and executing cybersecurity sup...; Document cybersecurity supply chain risk management roles and responsibilities in policy; Create responsibility matrixes to document who will be responsible and accountable for cybersecurity supply chain risk management activities and ho....
Cross-Framework Mappings
ISO 27001:2022
via NIST OLIR Catalog
Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
HRS-09
HRS-10
HRS-13
IAM-11
STA-01
STA-02
STA-03
STA-04
CIS Controls v8.0
15.4
CIS Controls v8.1
15.4
CRI Profile v2.0
GV.SC-02
GV.SC-02.01
CSF v1.1
ID.AM-6
CoP
A4
ISO/IEC 27001:2022
Mandatory Clause: 5.3
Annex A Controls: 5.2
Annex A Controls: 5.4
NICE Framework
OG-WRL-002
OG-WRL-003
OG-WRL-009
OG-WRL-012
OG-WRL-015
OG-WRL-016
PCI DSS
12.8.3
12.8.4
12.1.4
12.10.1
SCF
TPM-05
TPM-05.2
TPM-05.4
SP 800-171 Rev 3
03.17.02
03.17.03
SP 800-218
PO.2.1
SP 800-221A
GV.RR-1
GV.RR-2
SP 800-53 Rev 5.1.1
SR-02
SR-03
SR-05
SP 800-53 Rev 5.2.0
SR-02
SR-03
SR-05
SP 800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-1 Risk Management Roles