GV.SC-05—Requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties
>Control Description
This cybersecurity supply chain risk management subcategory ensures that requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties. Key activities include: Establish security requirements for suppliers, products, and services commensurate with their criticality level and potential impact if compromised; Include all cybersecurity and supply chain requirements that third parties must follow and how compliance with the requirements may be verified in ...; Define the rules and protocols for information sharing between the organization and its suppliers and sub-tier suppliers in agreements.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept Crosswalk
PCI DSS v4.0.1
via NIST OLIR Catalog
>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
CCC-05
CEK-08
DSP-13
DSP-14
IPY-04
STA-02
STA-03
STA-04
+5 more
CIS Controls v8.0
15.4
CIS Controls v8.1
15.4
CRI Profile v2.0
EX.CN
EX.CN-01
EX.CN-02
EX.CN-01.01
EX.CN-01.02
EX.CN-01.03
EX.CN-02.01
EX.CN-02.02
+2 more
CSF v1.1
ID.SC-3
CoP
A4
ISO/IEC 27001:2022
Mandatory Clause: 4.2 (a)
Annex A Controls: 5.19
Annex A Controls: 5.20
Annex A Controls: 5.31
NICE Framework
IO-WRL-003
OG-WRL-002
OG-WRL-009
OG-WRL-012
OG-WRL-015
OG-WRL-016
PCI DSS
12.8.2
12.9.1
12.9.2
12.8.5
12.8.3
12.8.1
SCF
CPL-01
RSK-01
RSK-09
TPM-05
TPM-05.2
SP 800-171 Rev 3
03.11.01
03.16.03
03.17.02
03.17.03
SP 800-218
PO.1.3
SP 800-53 Rev 5.1.1
SA-04
SA-09
SR-03
SR-05
SR-06
SR-10
SP 800-53 Rev 5.2.0
SA-04
SA-09
SR-03
SR-05
SR-06
SR-10
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy