Risk Management in the Supply Chain

During the cybersecurity risk management phase, every high-impact and critical-impact entity must establish an entity-wide risk mitigation plan for all assets within their high-impact and critical-impact perimeter and conduct a risk assessment every three years (NCCS Article 26).

During the cybersecurity risk assessment phase, all high-impact and critical-impact entities must identify potential cybersecurity risks, including:

kiberbiz
Click on the image to enlarge.