GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle

Implementation Examples

Ex1: Policies and procedures require provenance records for all acquired technology products and services

Ex2: Periodically provide risk reporting to leaders about how acquired components are proven to be untampered and authentic

Ex3: Communicate regularly among cybersecurity risk managers and operations personnel about the need to acquire software patches, updates, and upgrades only from authenticated and trustworthy software providers

Ex4: Review policies to ensure that they require approved supplier personnel to perform maintenance on supplier products

Ex5: Policies and procedures require checking upgrades to critical hardware for unauthorized changes