ID.RA-10—Critical suppliers are assessed prior to acquisition
>Control Description
This risk assessment subcategory ensures that critical suppliers are assessed prior to acquisition. Key activities include: Conduct supplier risk assessments against business and applicable cybersecurity requirements, including the supply chain.
>Cross-Framework Mappings
>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
STA-08
CRI Profile v2.0
EX.DD-03
EX.DD-03.01
EX.DD-03.02
EX.DD-03.03
CSF v1.1
ID.SC-2
ID.SC-4
CoP
A4
ISO/IEC 27001:2022
Mandatory Clause: None
Annex A Controls: 5.19
Annex A Controls: 5.20
Annex A Controls: 5.22
NICE Framework
IO-WRL-006
OG-WRL-009
OG-WRL-013
OG-WRL-014
OG-WRL-015
OG-WRL-016
PD-WRL-006
PD-WRL-007
PCI DSS
12.8.3
12.8.1
12.8.2
SCF
TPM-02
TPM-04.1
SP 800-171 Rev 3
03.11.01
SP 800-221A
GV.CT-2
GV.CT-3
MA.RM-2
MA.RM-3
SP 800-53 Rev 5.1.1
SR-06
SP 800-53 Rev 5.2.0
SR-06
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (System Level): TASK P-10 Asset Identification
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
Ask AI
Configure your API key to use AI features.