SR-02 Supply Chain Risk Management Plan
Supply Chain Risk Management
Low Moderate High New in Rev 5
Description
Changes from Rev 4
New control family introduced in Rev 5
Compliance Mappings
ISO 27001:2022
4.2, A.5.19, A.5.21
ISO 27002:2022
5.19, 5.21
COBIT 2019
APO10
CIS Controls v8
CIS 15, CIS 15.3
NIST CSF 2.0
GV.SC-01, GV.SC-03, GV.SC-04, GV.SC-05, GV.SC-07, GV.SC-09
SOC 2 TSC
CC3.1, CC3.2, CC4.1, CC9.1, CC9.2, CC9.2-POF1
CSA CCM v4
STA-02, STA-07, STA-08
CSA AICM v1
STA-02, STA-07, STA-08, STA-16
ISO 42001:2023
A.10.2, A.10.3
NIS2 Directive
Art. 21(2)(d)
PRA Operational Resilience
SS1/21-5.3, SS2/21-16.1, SS2/21-3.1, SS2/21-8.1
MAS TRM
16
ANSSI
Hygiene.36, Hygiene.42, SecNumCloud.16.1
FINMA Circular 2023/1
IV.F(100), V(101), V(102), V(103)
OSFI B-13
B-13.4.1
EU GDPR
Art.28(1), Art.28(3)(c), Art.28(3)(h)
EU DORA
Art.28(4), Art.28(5)
BIO2
5.19, 5.21
RBI CSF
Annex1.11, ITGRCA.10
DNB Good Practice
DNB.14.2
EU CRA
CRA.I.1
SAMA CSF
4.14.2
NCA ECC
4-1
UAE IA
T10
CBB TM
TM-15
Qatar NIA
SD
CBUAE
CR-12
CBE CSF
OVM-1
SA JS2
JS2-8.7
CBN CSF
Part2.4
BoG CISD
CISD-XI, CISD-XII, CISD-XVI
POPIA
s20, s21
BoM CTRM
3.9
IOSCO Cyber Resilience
GOV-5, PROT-7
CPMI-IOSCO PFMI
CG.ID
FFIEC IS
II.C.14, II.C.20
NYDFS 500
500.11
HIPAA Security Rule
§164.314(a)(1)
ECB CROE
CROE.2.2.3
EBA ICT Guidelines
3.2.3
SEBI CSCRF
GV.SC
BOT Cyber Resilience
Ch5.1
NERC CIP
CIP-013-2
10 CFR 73.54
RG5.71-C-SR
FERC CIP Orders
Order 829, Order 850
DOE C2M2 v2.1
THIRD
API 1164
Sec 12
AWIA
AWWA Sec 7
IAEA NSS 17-T
Sec 6
PCI PTS v6
G
TIBER-EU
TIBER.PROV
ISAE 3402
Clause 7
Solvency II
Art.49(1), Art.49(2), DR.272, EIOPA-Cloud-GL3
Lloyd's Minimum Standards
MS13.1, MS8.8, MS9.3
NAIC Insurance Data Security
4D
FCA SYSC 13
SYSC 13.9.1
HITRUST CSF v11
05.b
ISO 27799
14.115.1
NHS DSPT
NDG-10.1, NDG-10.4
MiCA
Art.66(1)
Basel SCO60
SCO60.4, SCO60.41, SCO60.54, SCO60.83, SCO60.84
BSSC Standards
GSP-07
SEC Custody (Digital Assets)
SEC-CD-09, SEC-CD-10