NIST CSF: ID.SC-5 Subcategory
From NIST's Cyber Security Framework (version 1):
Response and recovery planning and testing are conducted with suppliers and third-party providers
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Verify, review, and evaluate information security continuity (17.1.3)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Test and update the business continuity plan (4.3.2.5.7)
ISA/IEC 62443-2-1:2009 -
Control system backup (SR 7.3)
ISA/IEC 62443-3-3:2013 -
Control system recovery and reconstitution (SR 7.4)
ISA/IEC 62443-3-3:2013 -
Auditable events (SR 2.8)
ISA/IEC 62443-3-3:2013 -
Security functionality verification (SR 3.3)
ISA/IEC 62443-3-3:2013 -
Conduct drills (4.3.4.5.11)
ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1561 | Disk Wipe | Impact |
| T1561.001 | Disk Content Wipe | Impact |
| T1486 | Data Encrypted for Impact | Impact |
| T1490 | Inhibit System Recovery | Impact |
| T1491.001 | Internal Defacement | Impact |
| T1485 | Data Destruction | Impact |
| T1561.002 | Disk Structure Wipe | Impact |
| T1491.002 | External Defacement | Impact |
| T1491 | Defacement | Impact |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| D1.c | Testing and Exercising | Your organisation carries out exercises to test response plans, using past incidents that affected your (and other) organisation, and scenarios that draw on threat intelligence and your risk assessment. |
| D1.b | Response and Recovery Capability | You have the capability to enact your incident response plan, including effective limitation of impact on the operation of your essential function. During an incident, you have access to timely information on which to base your response decisions. |
| B5.a | Resilience Preparation | You are prepared to restore the operation of your essential function following adverse impact. |
| A4.a | Supply Chain | The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used. |
| D1.a | Response Plan | You have an up-to-date incident response plan that is grounded in a thorough risk assessment that takes account of your essential function and covers a range of incident scenarios. |