STA-06: Supply Chain Governance Reviews

Control Family:

Supply Chain Management, Transparency, and Accountability

CSF v1.1 References:

ID.RA-4
ID.RA-5
ID.SC-4

PF v1.0 References:

ID.RA-P4
ID.DE-P5

Control Statement

Providers shall review the risk management and governance processes of their partners so that practices are consistent and aligned to account for risks inherited from other members of that partner’s cloud supply chain.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4