
GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships

Control Description

This cybersecurity supply chain risk management subcategory ensures that planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships. Key activities include: Perform thorough due diligence on prospective suppliers that is consistent with procurement planning and commensurate with the level of risk, criti...; Assess the suitability of the technology and cybersecurity capabilities and the risk management practices of prospective suppliers; Conduct supplier risk assessments against business and applicable cybersecurity requirements.

Cross-Framework Mappings

Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CCMv4.0

STA-01
STA-08
STA-11

CIS Controls v8.0

15.5

CIS Controls v8.1

15.5

CRI Profile v2.0

EX.DD
EX.DD-01
EX.DD-02
EX.DD-01.01
EX.DD-01.02
EX.DD-01.03
EX.DD-02.01
EX.DD-02.02

CSF v1.1

ID.SC-1

CoP

A4

ISO/IEC 27001:2022

Mandatory Clause: 4.2 (a)
Annex A Controls: 5.19
Annex A Controls: 5.20
Annex A Controls: 5.31

NICE Framework

OG-WRL-002
OG-WRL-006
OG-WRL-009
OG-WRL-012
OG-WRL-015
OG-WRL-016

PCI DSS

12.8.3
12.8.1
12.8.5
12.8.2
12.5.2
1.2.4
1.2.3

SCF

TPM-01
TPM-02
TPM-03
TPM-03.2
TPM-03.3
TPM-04
TPM-04.1
TPM-04.3

SP 800-171 Rev 3

03.11.01
03.16.03
03.17.02

SP 800-221A

GV.PO-1

SP 800-53 Rev 5.1.1

SA-04
SA-09
SR-05
SR-06

SP 800-53 Rev 5.2.0

SA-04
SA-09
SR-05
SR-06

SP-800-37 Rev 2

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
