SR-05 Acquisition Strategies, Tools, and Methods
Supply Chain Risk Management
Low Moderate High New in Rev 5
Description
Changes from Rev 4
New control family introduced in Rev 5
MITRE ATT&CK Techniques (15)
ATT&CK v16.1. Techniques mitigated by this control, mapped via CTID.
Initial Access: 4, Execution: 2, Persistence: 6, Privilege Escalation: 1, Defense Evasion: 3
Initial Access
Persistence
Privilege Escalation
Compliance Mappings
ISO 27001:2022
A.5.21
ISO 27002:2022
5.19, 5.21
COBIT 2019
APO10
CIS Controls v8
CIS 15
NIST CSF 2.0
GV.SC-06, ID.RA-09, ID.RA-10
SOC 2 TSC
CC3.3, CC9.1
ISO 42001:2023
A.10.3
NIS2 Directive
Art. 21(2)(d)
ANSSI
Hygiene.42, SecNumCloud.16.1
FINMA Circular 2023/1
IV.F(100), V(101), V(111), VI(112)
OSFI B-13
B-13.4.1
EU GDPR
Art.28(3)(a), Art.28(3)(h)
EU DORA
Art.28(5), Art.30(2)(a)
BIO2
5.19, 5.21
RBI CSF
Annex1.11, ITGRCA.10
DNB Good Practice
DNB.14.2
SAMA CSF
4.1
NCA ECC
4-1
UAE IA
T10
CBB TM
TM-15
Qatar NIA
SD
CBUAE
CR-12
CBE CSF
OVM-1
SA JS2
JS2-8.7
CBN CSF
Part2.4
BoG CISD
CISD-XII, CISD-XVI
POPIA
s21
BoM CTRM
3.9
IOSCO Cyber Resilience
PROT-7
CPMI-IOSCO PFMI
CG.PR, PFMI.P17
FFIEC IS
II.C.14
NYDFS 500
500.11
ECB CROE
CROE.2.2.3
EBA ICT Guidelines
3.2.3
SEBI CSCRF
GV.SC
BOT Cyber Resilience
Ch5.1
NERC CIP
CIP-013-2
10 CFR 73.54
RG5.71-C-SR
FERC CIP Orders
Order 829
DOE C2M2 v2.1
THIRD
API 1164
Sec 12
IAEA NSS 17-T
Sec 6
PCI PTS v6
G
ISAE 3402
Clause 7
Solvency II
Art.49(1), DR.272, EIOPA-Cloud-GL3
Lloyd's Minimum Standards
MS8.8
NAIC Insurance Data Security
4D
FCA SYSC 13
SYSC 13.9.2
HITRUST CSF v11
05.b
FDA Cybersecurity Guidance
524B-1, SBOM-1, ST-4
ISO 27799
15.1, 15.2
NHS DSPT
NDG-10.1, NDG-10.4
MiCA
Art.66(1), Art.66(3)
Basel SCO60
SCO60.54
BSSC Standards
TIS-06, GSP-07