SA-12: Supply Chain Protection
From NIST's SP800-53:
[Withdrawn: Incorporated into SR Family.]
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| ID.SC-2 | Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process |
| ID.SC-1 | Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders |
| ID.SC-4 | Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations. |
| PR.IP-2 | A System Development Life Cycle to manage systems is implemented |
| ID.BE-1 | The organization’s role in the supply chain is identified and communicated |
| ID.SC-3 | Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan. |