GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes


[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Identify areas of alignment and overlap with cybersecurity and enterprise risk management

Ex2: Establish integrated control sets for cybersecurity risk management and cybersecurity supply chain risk management

Ex3: Integrate cybersecurity supply chain risk management into improvement processes

Ex4: Escalate material cybersecurity risks in supply chains to senior management, and address them at the enterprise risk management level

3rd: 3rd Party Risk