GV.SC-09 - Monitoring Supply Chain Security Practices
GV.SC-09 embeds supply chain security practices into cybersecurity and enterprise risk management, ensuring consistent oversight from acquisition to disposal of products and services. This integration includes requiring provenance records and monitoring performance metrics to verify authenticity and security. It aligns supply chain activities with organizational risk strategies.
This subcategory supports ongoing risk reporting and communication, ensuring that leaders and operations personnel address supply chain vulnerabilities, such as unauthorized hardware upgrades. It maintains security throughout the technology lifecycle, reducing risks from compromised components. GV.SC-09 reinforces a holistic approach to managing supply chain threats.
