SR-11 Component Authenticity
Supply Chain Risk Management
Low, Moderate, High; New in Rev 5
Description
Changes from Rev 4
New control family introduced in Rev 5
MITRE ATT&CK Techniques (15)
ATT&CK v16.1: techniques mitigated by this control, mapped via CTID.
Initial Access (4), Execution (2), Persistence (6), Privilege Escalation (1), Defense Evasion (3)
Initial Access
Persistence
Privilege Escalation
Compliance Mappings
ISO 27001:2022
A.5.21
ISO 27002:2022
5.21
CIS Controls v8
CIS 16.5
NIST CSF 2.0
ID.RA-09
PCI DSS v4.0.1
9.5
ISO 42001:2023
A.7.5
ANSSI
Hygiene.42, SecNumCloud.16.1
OSFI B-13
B-13.4.1
EU GDPR
Art.28(3)(h), Art.30(2)(d)
EU DORA
Art.28(5), Art.30(2)(a)
BIO2
5.21
RBI CSF
Annex1.6
NCA ECC
4-1
UAE IA
T10
CBB TM
TM-15
IOSCO Cyber Resilience
PROT-7
CPMI-IOSCO PFMI
CG.PR
FFIEC IS
II.C.14
NERC CIP
CIP-013-2
10 CFR 73.54
RG5.71-C-SR
FERC CIP Orders
Order 850
API 1164
Sec 12
IAEA NSS 17-T
Sec 6
PCI PTS v6
AG
PCI HSM
2
Solvency II
DR.272
ISO 27799
15.2H.3
NHS DSPT
NDG-10.4
MiCA
Art.66(3)
Basel SCO60
SCO60.54