GV.SC-01:
Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes
Implementation Examples
Ex1:
Identify areas of alignment and overlap with cybersecurity and enterprise risk management
Ex2:
Establish integrated control sets for cybersecurity risk management and cybersecurity supply chain risk management
Ex3:
Integrate cybersecurity supply chain risk management into improvement processes
Ex4:
Escalate material cybersecurity risks in supply chains to senior management, and address them at the enterprise risk management level