GV.SC-07—The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship
Control Description
This cybersecurity supply chain risk management subcategory ensures that the risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. Key activities include:
Adjust assessment formats and frequencies based on the third party's reputation and the criticality of the products or services they provide;
Evaluate third parties' evidence of compliance with contractual cybersecurity requirements, such as self-attestations, warranties, certifications, ...;
Monitor critical suppliers to ensure that they are fulfilling their security obligations throughout the supplier relationship lifecycle using a var....
Cross-Framework Mappings
NIST SP 800-53 r5 via NIST CSF 2.0 Concept Crosswalk
PCI DSS v4.0.1 via NIST OLIR Catalog
Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
STA-01
STA-08
STA-10
STA-11
STA-12
STA-13
STA-14
UEM-14
CIS Controls v8.0
15.6
CIS Controls v8.1
15.6
CRI Profile v2.0
EX.MM
EX.MM-01
EX.MM-02
EX.MM-01.01
EX.MM-01.02
EX.MM-01.03
EX.MM-01.04
EX.MM-01.05
CSF v1.1
ID.SC-2
ID.SC-4
CoP
A4
ISO/IEC 27001:2022
Mandatory Clause: 6.1.1
Mandatory Clause: 6.1.2
Mandatory Clause: 6.1.3
Annex A Controls: 5.19
Annex A Controls: 5.20
Annex A Controls: 5.31
NICE Framework
OG-WRL-002
OG-WRL-009
OG-WRL-012
OG-WRL-015
OG-WRL-016
PCI DSS
12.8.4
12.9.2
12.9.1
12.8.5
12.8.2
12.8.3
12.8.1
12.5.2
SCF
TPM-01
TPM-02
TPM-03
TPM-03.2
TPM-03.3
TPM-04
TPM-04.1
TPM-08
SP 800-171 Rev 3
03.11.01
03.16.03
03.17.03
SP 800-218
PW.4.1
PW.4.4
SP 800-221A
GV.CT-2
GV.CT-3
MA.RM-2
MA.RM-3
SP 800-53 Rev 5.1.1
RA-09
SA-04
SA-09
SR-03
SR-06
SP 800-53 Rev 5.2.0
RA-09
SA-04
SA-09
SR-03
SR-06
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
RMF Select Step: TASK S-5 Continuous Monitoring Strategy—System
RMF Assess Step: TASK A-3 Control Assessments
RMF Assess Step: TASK A-5 Remediation Actions
RMF Assess Step: TASK A-6 Plan of Action and Milestones