NIST CSF: ID.SC-1 Subcategory

From NIST's Cyber Security Framework (version 1):

Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Information and communication technology supply chain (15.1.3)
    ISO 27001:2013
  • Addressing security within supplier agreements (15.1.2)
    ISO 27001:2013
  • Managing changes to supplier services (15.2.2)
    ISO 27001:2013
  • Information security policy for supplier relationships (15.1.1)
    ISO 27001:2013
  • Monitoring and review of supplier services (15.2.1)
    ISO 27001:2013

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.