GV.SC-03—Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes

>Control Description

This cybersecurity supply chain risk management subcategory ensures that cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes. Key activities include: Identify areas of alignment and overlap with cybersecurity and enterprise risk management; Establish integrated control sets for cybersecurity risk management and cybersecurity supply chain risk management; Integrate cybersecurity supply chain risk management into improvement processes.

>Control Description

>Cross-Framework Mappings

NIST SP 800-53 r5

PCI DSS v4.0.1

ISO 27001:2022

SOC 2 TSC

SCF

>Informative References

CCMv4.0

CRI Profile v2.0

CSF v1.1

CoP

ISO/IEC 27001:2022

NICE Framework

PCI DSS

SCF

SP 800-171 Rev 3

SP 800-218

SP 800-221A

SP 800-53 Rev 5.1.1

SP 800-53 Rev 5.2.0

SP-800-37 Rev 2

Ask AI