GV.SC-04: Suppliers are known and prioritized by criticality


[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Develop criteria for supplier criticality based on, for example, the sensitivity of data processed or possessed by suppliers, the degree of access to the organization's systems, and the importance of the products or services to the organization's mission

Ex2: Keep a record of all suppliers, and prioritize suppliers based on the criticality criteria

3rd: 3rd Party Risk