TPM-02 ยท Third-Party Criticality Assessments

Control Description

Mechanisms exist to identify, prioritize and assess suppliers and partners of critical Technology Assets, Applications and/or Services (TAAS) using a supply chain risk assessment process relative to their importance in supporting the delivery of high-value services.

Control Question
Assessment question for control validation

Does the organization identify, prioritize and assess suppliers and partners of critical Technology Assets, Applications and/or Services (TAAS) using a supply chain risk assessment process relative to their importance in supporting the delivery of high-value services?

Control Weighting
9
Validation Cadence
Annual
NIST CSF Function
Identify
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: TPM-02
ESP Level 1: TPM-02
ESP Level 2: TPM-02
ESP Level 3: TPM-02
Additional Metadata
Applicability (Process):
x
Errata & Additional Notes

- wordsmithed control