Organizational risk tolerance is determined and clearly expressed
The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector-specific risk analysis
Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
Suppliers and third-party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process
Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.
Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.
Response and recovery planning and testing are conducted with suppliers and third-party providers
Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes
Physical access to assets is managed and protected
Remote access is managed