GV.SC-08—Relevant suppliers and other third parties are included in incident planning, response, and recovery activities
>Control Description
This cybersecurity supply chain risk management subcategory ensures that relevant suppliers and other third parties are included in incident planning, response, and recovery activities. Key activities include: Define and use rules and protocols for reporting incident response and recovery activities and the status between the organization and its suppliers; Identify and document the roles and responsibilities of the organization and its suppliers for incident response; Include critical suppliers in incident response exercises and simulations.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkPCI DSS v4.0.1
via NIST OLIR CatalogISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
BCR-06
BCR-07
DSP-18
SEF-03
SEF-04
SEF-07
UEM-14
CIS Controls v8.0
15.4
CIS Controls v8.1
15.4
CRI Profile v2.0
GV.SC-08
GV.SC-08.01
CSF v1.1
ID.SC-5
CoP
A4
ISO/IEC 27001:2022
Mandatory Clause: None
Annex A Controls: 5.26
NICE Framework
IO-WRL-005
OG-WRL-002
OG-WRL-009
OG-WRL-012
OG-WRL-015
OG-WRL-016
PD-WRL-003
PCI DSS
12.10.5
12.10.1
12.8.5
12.8.1
1.2.4
1.2.3
12.10.2
12.10.6
+2 more
SCF
BCD-01
BCD-01.2
IRO-01
IRO-02
IRO-02.5
TPM-01
TPM-02
TPM-10
+1 more
SP 800-171 Rev 3
03.06.01
03.06.02
03.06.05
03.15.01
03.16.03
03.17.01
03.17.03
SP 800-221A
GV.CT-3
SP 800-53 Rev 5.1.1
SA-04
SA-09
SR-02
SR-03
SR-08
CP-01
IR-01
SP 800-53 Rev 5.2.0
SA-04
SA-09
SR-02
SR-03
SR-08
CP-01
IR-01
SP-800-37 Rev 2
RMF Prepare Step (System Level): TASK P-9 System Stakeholders
RMF Monitor Step: TASK M-1 System and Environment Changes
RMF Monitor Step: TASK M-3 Ongoing Risk Response
Ask AI
Configure your API key to use AI features.