AuditRubric
third-party-risk

third-party-risk Controls

5 controls across 1 framework.

NIST CSF

gv-sc-1

A cybersecurity supply chain risk management program is established

Govern / Cybersecurity Supply Chain Risk Management
gv-sc-4

Suppliers are known and prioritized by criticality

Govern / Cybersecurity Supply Chain Risk Management
gv-sc-6

Due diligence is performed before entering into supplier relationships

Govern / Cybersecurity Supply Chain Risk Management
gv-sc-7

Risks from suppliers are assessed, monitored, and responded to throughout the relationship

Govern / Cybersecurity Supply Chain Risk Management
id-ra-10

Critical suppliers are assessed prior to acquisition

Identify / Risk Assessment