ID.RA-10: Critical suppliers are assessed prior to acquisition

Description

[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Conduct supplier risk assessments against business and applicable cybersecurity requirements, including the supply chain