NIST CSF: ID.SC-4 Subcategory

From NIST's Cyber Security Framework (version 1):

Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Search:

Node
SA-12: Supply Chain Protection
SA-9: External System Services
AU-12: Audit Record Generation
AU-2: Event Logging
PS-7: External Personnel Security
AU-16: Cross-organizational Audit Logging
AU-6: Audit Record Review, Analysis, and Reporting

Showing 1 to 7 of 7 entries

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Monitoring and review of supplier services (15.2.1)
ISO 27001:2013
Managing changes to supplier services (15.2.2)
ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Review and update the cyber security policies and procedures (4.3.2.6.7)
ISA/IEC 62443-2-1:2009
Audit log accessibility (SR 6.1)
ISA/IEC 62443-3-3:2013

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

Search:

ATT&CK ID	Title	Associated Tactics
T1048	Exfiltration Over Alternative Protocol	Exfiltration
T1041	Exfiltration Over C2 Channel	Exfiltration
T1048.003	Exfiltration Over Unencrypted Non-C2 Protocol	Exfiltration
T1048.002	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Exfiltration
T1567	Exfiltration Over Web Service	Exfiltration
T1556.006	Multi-Factor Authentication	Credential Access, Defense Evasion, Persistence
T1556.007	Hybrid Identity	Credential Access, Defense Evasion, Persistence
T1593.003	Code Repositories	Reconnaissance

Showing 1 to 8 of 8 entries

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Search:

Control ID	Name	Description
A4.a	Supply Chain	The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used.

Showing 1 to 1 of 1 entries

NIST CSF: ID.SC-4 Subcategory

Cyber Threat Graph Context

CSF Mapped to SP800-53 Controls

Related ISO 27001 Controls

Monitoring and review of supplier services (15.2.1)

Managing changes to supplier services (15.2.2)

Related ISA/IEC 62443 Controls

Review and update the cyber security policies and procedures (4.3.2.6.7)

Audit log accessibility (SR 6.1)

MITRE ATT&CK Techniques

CSF Mapped to the NCSC CAF