GV.SC-04—Suppliers are known and prioritized by criticality
>Control Description
This cybersecurity supply chain risk management subcategory ensures that suppliers are known and prioritized by criticality. Key activities include: Develop criteria for supplier criticality based on, for example, the sensitivity of data processed or possessed by suppliers, the degree of access ...; Keep a record of all suppliers, and prioritize suppliers based on the criticality criteria.
>Cross-Framework Mappings
PCI DSS v4.0.1
via NIST OLIR CatalogISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
STA-07
CIS Controls v8.0
15.1
15.3
CIS Controls v8.1
15.1
15.3
CRI Profile v2.0
GV.SC-04
GV.SC-04.01
CSF v1.1
ID.SC-2
CoP
A4
ISO/IEC 27001:2022
Mandatory Clause: 6.1.1
Mandatory Clause: 6.1.2
Mandatory Clause: 6.1.3
Annex A Controls: 5.19
Annex A Controls: 5.22
NICE Framework
IO-WRL-003
OG-WRL-002
OG-WRL-009
OG-WRL-015
OG-WRL-016
PCI DSS
12.8.1
12.8.3
12.8.4
12.8.5
12.8.2
12.5.2
1.2.4
6.3.2
SCF
AST-01
TPM-01
TPM-02
SP 800-171 Rev 3
03.11.01
03.16.03
SP 800-221A
GV.CT-2
GV.CT-3
SP 800-53 Rev 5.1.1
RA-09
SA-09
SR-06
SP 800-53 Rev 5.2.0
RA-09
SA-09
SR-06
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (System Level): TASK P-10 Asset Identification
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
Ask AI
Configure your API key to use AI features.