800-53|IR-6(3)

Title

COORDINATION WITH SUPPLY CHAIN

Description

The organization provides security incident information to other organizations involved in the supply chain for information systems or information system components related to the incident.

Supplemental

Organizations involved in supply chain activities include, for example, system/product developers, integrators, manufacturers, packagers, assemblers, distributors, vendors, and resellers. Supply chain incidents include, for example, compromises/breaches involving information system components, information technology products, development processes or personnel, and distribution processes or warehousing facilities. Organizations determine the appropriate information to share considering the value gained from support by external organizations with the potential for harm due to sensitive information being released to outside organizations of perhaps questionable trustworthiness.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: INCIDENT RESPONSE

Parent Title: INCIDENT REPORTING

Family: INCIDENT RESPONSE

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Maintain current contact details	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.2 Ensure security contact information is registered	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.3 Ensure security questions are registered in the AWS account	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.16 Ensure Essential Contacts is Configured for Organization	GCP	CIS Google Cloud Platform v3.0.0 L1
2.1.17 Ensure That 'All users with the following roles' is set to 'Owner'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
2.1.18 Ensure 'Additional email addresses' is Configured with a Security Contact Email	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1

Detections

Analytics