Mini-Capsules - NIST Cybersecurity Framework (NIST CSF) - Episode 7 - Identify – Supply Chain Risk Management (ID.SC)

Dans l'épisode d'aujourd'hui, Frederic Deneault vulgarise les contrôles de la catégorie Supply Chain Risk Management (ID.SC) de la fonction Identify du NIST cybersecurity framework.

NIST ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders

NIST ID.SC-2: Suppliers and third-party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process 

NIST ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.

NIST ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.

NIST ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers

Si vous avez des questions ou vous voulez partager votre opinion, n'hésitez pas!
 Suivez-moi sur LinkedIn: - Frederic Deneault https://bit.ly/38BEZp2
Le podcast Discutons Gouvernance https://bit.ly/2YdfJn4