ID.BE-1: The organization’s role in the supply chain is identified and communicated
PF v1.0 References:
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
SR-1: Policy and Procedures
Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: [Assignment (one or more): organization-level, mission/business process-level, system-level] supply chain risk management policy that: Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and Procedures to facilitate…
SR-3: Supply Chain Controls and Processes
Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of [Assignment: organization-defined system or system component] in coordination with [Assignment: organization-defined supply chain personnel]; Employ the following controls to protect against supply chain risks to the system, system component, or system service and to limit…
Cloud Controls Matrix v3.0.1
BCR-01: Business Continuity Planning
A consistent unified framework for business continuity planning and plan development shall be established, documented, and adopted to ensure all business continuity plans are consistent in addressing priorities for testing, maintenance, and information security requirements. Requirements for business continuity plans include the following: Defined purpose and scope, aligned with relevant dependencies Accessible to and understood…
BCR-09: Impact Analysis
There shall be a defined and documented method for determining the impact of any disruption to the organization (cloud provider, cloud consumer) that must incorporate the following: Identify critical products and services Identify all dependencies, including processes, applications, business partners, and third party service providers Understand threats to critical products and services Determine impacts resulting…
NIST Special Publication 800-53 Revision 4
CP-2: Contingency Plan
The organization: Develops a contingency plan for the information system that: Identifies essential missions and business functions and associated contingency requirements; Provides recovery objectives, restoration priorities, and metrics; Addresses contingency roles, responsibilities, assigned individuals with contact information; Addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure; Addresses eventual, full…
SA-12: Supply Chain Protection
The organization protects against supply chain threats to the information system, system component, or information system service by employing [Assignment: organization-defined security safeguards] as part of a comprehensive, defense-in-breadth information security strategy.