← NIST CSF 2.0 in plain English

GV.SC-07

Govern / Cybersecurity Supply Chain Risk Management

The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship.

Think of it likeKeeping track of how well a contractor performs during a home renovation.

In plain English

The family monitors the contractor’s work and addresses any issues that come up, making sure everything is done to their standards.