GV.SC - Cybersecurity Supply Chain Risk Management

GV.SC defines the management of cybersecurity risks associated with an organization's supply chain, requiring the establishment of policies, processes and controls to identify, assess and mitigate threats from suppliers, service providers and third-party products throughout their lifecycle. It emphasizes continuous monitoring, verification of security practices, and contractual requirements to ensure that supply-chain components do not weaken the organization's overall cyber resilience.