SR-03 Supply Chain Controls and Processes
Supply Chain Risk Management
Baselines: Low, Moderate, High. New in Rev 5.
Description
Changes from Rev 4
New control family introduced in Rev 5
Compliance Mappings
ISO 27001:2022
4.2, A.5.19, A.5.20, A.5.21
ISO 27002:2022
5.19, 5.20, 5.21
COBIT 2019
APO10
CIS Controls v8
CIS 15, CIS 15.4
NIST CSF 2.0
GV.SC-01, GV.SC-02, GV.SC-04, GV.SC-05, GV.SC-06, GV.SC-07, GV.SC-09, ID.RA-10
SOC 2 TSC
CC9.1
PCI DSS v4.0.1
12.8
CSA CCM v4
STA-02, STA-08, STA-14
CSA AICM v1
STA-02, STA-08, STA-14
ISO 42001:2023
A.10.3
NIS2 Directive
Art. 21(2)(d)
PRA Operational Resilience
SS2/21-14.1, SS2/21-6.1, SS2/21-8.1
MAS TRM
16
APRA CPS 234
Para 29-33
ANSSI
Hygiene.42, Hygiene.9, SecNumCloud.16.1, SecNumCloud.16.2
FINMA Circular 2023/1
V(104), V(105), V(106), V(107), V(108)
OSFI B-13
B-13.4.1
EU GDPR
Art.28(1), Art.28(2), Art.28(4)
EU DORA
Art.28(2), Art.29(1), Art.30(2)
BIO2
5.19, 5.20, 5.21
RBI CSF
Annex1.11, ITGRCA.10
MLPS 2.0
8.1.10.12, 8.1.9.4
DNB Good Practice
DNB.14.2, DNB.16.3
EU CRA
CRA.I.1
SWIFT CSCF
SWIFT.2.8
SAMA CSF
4.14.2
NCA ECC
4-14-2
UAE IA
T10
CBB TM
TM-15
Qatar NIA
SD
CBUAE
CR-12
CBE CSF
CTO-11, OVM-1
SA JS2
JS2-8.7
CBN CSF
Part2.4
BoG CISD
CISD-XI, CISD-XII, CISD-XVI
POPIA
s20, s21
BoM CTRM
3.9
IOSCO Cyber Resilience
GOV-5, PROT-7
CPMI-IOSCO PFMI
CG.PR, PFMI.P17
FFIEC IS
II.C.14, II.C.20
NYDFS 500
500.11
HIPAA Security Rule
§164.314(a)(1), §164.314(a)(2)
ECB CROE
CROE.2.2.3
EBA ICT Guidelines
3.2.3
SEBI CSCRF
GV.SC
BOT Cyber Resilience
Ch5.1
NERC CIP
CIP-013-2
10 CFR 73.54
RG5.71-C-SR
FERC CIP Orders
Order 829, Order 850
DOE C2M2 v2.1
THIRD
API 1164
Sec 12
AWIA
AWWA Sec 7
IAEA NSS 17-T
Sec 6
PCI PTS v6
G
ISAE 3402
Clause 7
Solvency II
Art.49(1), Art.49(2), DR.272, EIOPA-Cloud-GL3
Lloyd's Minimum Standards
MS8.8, MS9.3
NAIC Insurance Data Security
4D
FCA SYSC 13
SYSC 13.9.1, SYSC 13.9.3, SYSC 13.9.5
HITRUST CSF v11
05.b
ISO 27799
14.1, 15.1, 15.2
NHS DSPT
NDG-10.1, NDG-10.3, NDG-10.4
OWASP MASVS v2.1
MASVS-CODE-3
MiCA
Art.66(1)
Basel SCO60
SCO60.4, SCO60.41, SCO60.54
BSSC Standards
NOS-02, GSP-07
SEC Custody (Digital Assets)
SEC-CD-10