SR-06 Supplier Assessments and Reviews
Supply Chain Risk Management
Moderate, High; New in Rev 5
Description
Changes from Rev 4
New control family introduced in Rev 5
Compliance Mappings
ISO 27001:2022
A.5.21, A.5.22
ISO 27002:2022
5.21, 5.22
COBIT 2019
APO10
CIS Controls v8
CIS 15, CIS 15.5, CIS 15.6
NIST CSF 2.0
DE.CM-06, GV.SC-04, GV.SC-06, GV.SC-07, GV.SC-09, ID.AM-04, ID.RA-10
SOC 2 TSC
CC1.4-POF2, CC1.4-POF3, CC3.4, CC9.1, CC9.2-POF13
PCI DSS v4.0.1
12.8
ISO 42001:2023
A.10.3
NIS2 Directive
Art. 21(2)(d)
PRA Operational Resilience
SS2/21-5.1, SS2/21-6.1, SS2/21-6.2, SS2/21-7.1
MAS TRM
16
APRA CPS 234
Para 29-33
ANSSI
Hygiene.31, Hygiene.42, SecNumCloud.16.2
FINMA Circular 2023/1
VII.A(113), VII.B(114)
OSFI B-13
B-13.4.1
EU GDPR
Art.28(3)(h)
EU DORA
Art.28(6), Art.30(3)
BIO2
5.21, 5.22
RBI CSF
Annex1.11
MLPS 2.0
8.1.10.12, 8.1.9.7
DNB Good Practice
DNB.14.2, DNB.16.3
EU CRA
CRA.I.2a
SWIFT CSCF
SWIFT.2.8
SAMA CSF
4.1, 4.2, 4.3
NCA ECC
4-1
UAE IA
T10
CBB TM
TM-15
Qatar NIA
SD
CBUAE
CR-12
CBE CSF
OVM-1
SA JS2
JS2-8.7
CBN CSF
Part2.4
BoG CISD
CISD-XVI
BoM CTRM
3.9
IOSCO Cyber Resilience
GOV-5, PROT-7, TEST-4
CPMI-IOSCO PFMI
CG.ID, CG.SA
FFIEC IS
II.C.14, II.C.20
NYDFS 500
500.11
ECB CROE
CROE.2.2.3, CROE.2.7.1
EBA ICT Guidelines
3.2.3
SEBI CSCRF
GV.SC, PR.CS
BOT Cyber Resilience
Ch5.1
NERC CIP
CIP-013-2
10 CFR 73.54
RG5.71-C-SR
FERC CIP Orders
Order 829, Order 850
DOE C2M2 v2.1
THIRD
API 1164
Sec 12
AWIA
AWWA Sec 7
IAEA NSS 17-T
Sec 6
PCI PTS v6
G
CBEST
CBEST.8
TIBER-EU
TIBER.PROV
ISAE 3402
Clause 7
Solvency II
Art.49(1), Art.49(2), DR.272, EIOPA-Cloud-GL3, EIOPA-Cloud-GL7
Lloyd's Minimum Standards
MS13.1, MS8.8
NAIC Insurance Data Security
4D
FCA SYSC 13
SYSC 13.9.1, SYSC 13.9.2, SYSC 13.9.3
HITRUST CSF v11
05.b
FDA Cybersecurity Guidance
SBOM-3
ISO 27799
15.1, 15.2
NHS DSPT
NDG-10.1, NDG-10.4
MiCA
Art.66(1), Art.66(3)
Basel SCO60
SCO60.41, SCO60.54, SCO60.83
BSSC Standards
TIS-02
SEC Custody (Digital Assets)
SEC-CD-10