Suppliers identified as high risk by a cyber supply chain risk assessment are not used.
Topic
Cyber supply chain risk management activities
Applicable to
all
History
Sep 2022
Suppliers identified as high risk by a cyber supply chain risk assessment are not used.
Language associated with ‘suppliers and service providers’ was amended to ‘suppliers’ noting that suppliers have now been defined within the glossary as encompassing application developers, ICT equipment manufacturers, service provides and other organisations involved in distribution channels.
Dec 2020
Suppliers and service providers identified as high risk are not used.
Security control 1567 was amended to establish a linkage with security control 1452. Specifically, that suppliers and service providers that were identified as high risk as part of security control 1452 are not used.
Nov 2020
High risk suppliers and service providers are not used.
Jul 2020
High risk suppliers and service providers are not used.
Security control 1567 was introduced to recommend against the use of high risk suppliers and service providers.