NIST CSF: ID.SC-1 Subcategory

Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Search:

Showing 1 to 3 of 3 entries

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Information and communication technology supply chain (15.1.3)
ISO 27001:2013
Addressing security within supplier agreements (15.1.2)
ISO 27001:2013
Managing changes to supplier services (15.2.2)
ISO 27001:2013
Information security policy for supplier relationships (15.1.1)
ISO 27001:2013
Monitoring and review of supplier services (15.2.1)
ISO 27001:2013

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

Search:

ATT&CK ID	Title	Associated Tactics
T1048	Exfiltration Over Alternative Protocol	Exfiltration
T1041	Exfiltration Over C2 Channel	Exfiltration
T1048.003	Exfiltration Over Unencrypted Non-C2 Protocol	Exfiltration
T1048.002	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Exfiltration
T1567	Exfiltration Over Web Service	Exfiltration

Showing 1 to 5 of 5 entries

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Search:

Control ID	Name	Description
A4.a	Supply Chain	The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used.

Showing 1 to 1 of 1 entries