SR-01 Policy and Procedures

Supply Chain Risk Management

Baselines: Low, Moderate, High (new in Rev 5)

Description

Changes from Rev 4

New control family introduced in Rev 5

Compliance Mappings

ISO 27001:2022: 4.2, A.5.1, A.5.19, A.5.21
ISO 27002:2022: 5.1, 5.19, 5.21
COBIT 2019: APO10
CIS Controls v8: CIS 15, CIS 15.2
NIST CSF 2.0: GV.RM-05, GV.SC-01, GV.SC-02, GV.SC-03, GV.SC-05, GV.SC-09, GV.SC-10
SOC 2 TSC: CC1.2-POF1, CC1.4-POF1, CC1.4-POF2, CC1.4-POF3, CC2.2-POF1, CC2.2-POF7, CC2.3-POF12, CC3.3, CC5.3, CC5.3-POF1, CC5.3-POF6, CC7.2-POF1, CC9.1, CC9.2, CC9.2-POF1, P1.1-POF5
PCI DSS v4.0.1: 12.8, 12.9
CSA CCM v4: STA-01, STA-02, STA-03, STA-04, STA-05, STA-06, STA-07, STA-08, STA-10, STA-12, STA-13, STA-14, UEM-14
CSA AICM v1: STA-01, STA-02, STA-03, STA-04, STA-05, STA-06, STA-07, STA-08, STA-10, STA-12, STA-13, STA-14, STA-15, STA-16, UEM-14
ISO 42001:2023: A.10.2, A.10.3
NIS2 Directive: Art. 21(2)(d)
PRA Operational Resilience: SS1/21-5.3, SS2/21-12.1, SS2/21-16.1, SS2/21-3.1, SS2/21-8.1
MAS TRM: 16
APRA CPS 234: Para 29-33
ANSSI: Hygiene.2, Hygiene.36, Hygiene.42, SecNumCloud.16.1, SecNumCloud.6.1
FINMA Circular 2023/1: IV.A(23), IV.F(100), V(101)
OSFI B-13: B-13.4.1
EU GDPR: Art.28(1), Art.28(3), Art.28(4)
EU DORA: Art.28(1)(a), Art.28(2), Art.28(4)
BIO2: 5.1, 5.19, 5.21
RBI CSF: Annex1.11, ITGRCA.10
MLPS 2.0: 8.1.10.12, 8.1.9.3, 8.1.9.7, 8.2
DNB Good Practice: DNB.1.2, DNB.14.2
EU CRA: CRA.I.1
SWIFT CSCF: SWIFT.2.8
SAMA CSF: 1.2, 4.1, 4.2, 4.3
NCA ECC: 1-3, 4-1, 4-2
UAE IA: T10, T3
CBB TM: TM-15
Qatar NIA: SD
CBUAE: CR-12
CBE CSF: CTO-11, OVM-1
SA JS2: JS2-8.7
CBN CSF: Part2.4
BoG CISD: CISD-XI, CISD-XII, CISD-XVI
POPIA: s20, s21
BoM CTRM: 3.9
IOSCO Cyber Resilience: GOV-1, GOV-5, PROT-7
CPMI-IOSCO PFMI: CG.ID, PFMI.P17
FFIEC IS: II.C.1, II.C.14, II.C.20
NYDFS 500: 500.11, 500.3
HIPAA Security Rule: §164.314(a)(1), §164.316(a)
ECB CROE: CROE.2.2.3
EBA ICT Guidelines: 3.2.3, 3.4.1
SEBI CSCRF: GV.SC, PR.CS
BOT Cyber Resilience: Ch5.1, Ch5.2
NERC CIP: CIP-013-2
10 CFR 73.54: RG5.71-C-SR
FERC CIP Orders: Order 829, Order 850
DOE C2M2 v2.1: THIRD
API 1164: Sec 12
AWIA: AWWA Sec 7
IAEA NSS 17-T: Sec 6
PCI PTS v6: G
TIBER-EU: TIBER.PROV
ISAE 3402: Clause 7, Clause 8
Solvency II: Art.41(3), Art.49(1), Art.49(2), DR.272, DR.274, EIOPA-Cloud-GL11
Lloyd's Minimum Standards: MS13.1, MS8.2, MS8.8, MS9.3
NAIC Insurance Data Security: 4D
FCA SYSC 13: SYSC 13.9.1
HITRUST CSF v11: 04.a, 05.b
ISO 27799: 14.1, 15.1, 15.2, 5.1
NHS DSPT: NDG-10.1, NDG-10.3, NDG-10.4
MiCA: Art.66(1)
Basel SCO60: SCO60.54
BSSC Standards: GSP-07
SEC Custody (Digital Assets): SEC-CD-10