>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

TPM-03Supply Chain Risk Management (SCRM)

Weight: 9

>Control Description

Mechanisms exist to: (1) Evaluate security risks and threats associated with Technology Assets, Applications and/or Services (TAAS) supply chains; and (2) Take appropriate remediation actions to minimize the organization's exposure to those risks and threats, as necessary.

>Cross-Framework Mappings

NIST SP 800-53 r5

SA-9(3)
Compare
SR-2
Compare
SR-2(1)
Compare

NIST CSF 2.0

GV.SC
GV.SC-06
Compare
GV.SC-07
Compare

SOC 2 TSC

CC1.1
Compare
CC3.2
Compare
CC9.1
Compare
CC9.2
Compare

FedRAMP Rev 5

SR-2(1)
Compare

Canada ITSP 10.171

03.11.01.A
Compare
03.17.01.A
Compare
03.17.03.A
Compare
03.17.03.B
Compare

Australia ISM

ISM-0731
Compare
ISM-1452
Compare
ISM-1632
Compare
ISM-1789
Compare
ISM-1882
Compare

India SEBI Guidelines

GV.OC.S3
Compare
GV.SC.S1
Compare

EU Cyber Resilience Act

Article 10.4
Compare

EU DORA

Article 30.3(f)
Compare

UK DEF STAN 05-138

1400.0
Compare

SOC 2 TSC (Detailed)

CC1.1-POF5
Compare
CC3.2-POF7
Compare
CC9.1
Compare
CC9.2-POF1
Compare
CC9.2-POF2
Compare
CC9.2-POF3
Compare
CC9.2-POF4
Compare
CC9.2-POF7
Compare
CC9.2-POF8
Compare
CC9.2-POF9
Compare
CC9.2-POF10
Compare
CC9.2-POF12
Compare

IMO Maritime Cyber Risk

3.5.3.8
Compare

ISO 27002:2022

5.19
Compare
5.21
Compare
5.22
Compare
8.3
Compare

ISO 42001:2023 (Detailed)

A.10
Compare
A.10.2
Compare
A.10.3
Compare

NIST SP 800-161

SA-9(3)
Compare
SR-2
Compare

NIST SP 800-171 Rev 3

03.11.01.a
Compare
03.17.01.a
Compare
03.17.03.a
Compare
03.17.03.b
Compare

SPARTA

CM0026
Compare
CM0027
Compare

Data Privacy Management Principles

10.1
Compare

CISA CPG

1.H
Compare
1.I
Compare

GLBA (16 CFR 314)

314.4(f)(1)
Compare

NERC CIP

CIP-013-2 1.2.5
Compare
CIP-013-2 1.2.6
Compare

SEC Cybersecurity Rule

17 CFR 229.106(b)(1)(iii)
Compare

Ask AI

Configure your API key to use AI features.