Supply Chain CISA Cybersecurity Performance Goals 2023
CISA Cybersecurity Performance Goals: Supply Chain Security Controls
Controls that manage cybersecurity risk introduced by third-party vendors and service providers.
3 controls
0 critical
9h est. effort
1 category
Supply Chain
sc-1
Third-party software and services are inventoried and assessed for risk
Modern software stacks rely on dozens or hundreds of third-party components, SaaS tools, and managed...
high 4h
sc-2
Vendor contracts include minimum cybersecurity requirements
A vendor security questionnaire is useful, but without contractual obligations there is no legal bas...
medium 3h
sc-3
Software is obtained from trusted sources and integrity is verified
Attackers increasingly compromise software supply chains by injecting malicious code into legitimate...
medium 2h