Kibernetinio saugumo reikalavimų aprašas (įsk. Nacionalinį kibernetinių incidentų valdymo planą) (Lietuva)

Requirement

33: Tiekėjų atrankos kriterijai

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

Kibernetinio saugumo subjektas, nustatydamas tiekimo grandinės saugumo valdymo tvarką, turi numatyti tinklų ir informacinių sistemų tiekėjų atrankos kriterijus, apimančius:

tiekėjo atitiktį Apraše nustatytiems kibernetinio saugumo reikalavimams;
kokybės reikalavimus tinklų ir informacinių sistemų produktams, paslaugoms;
prieigų valdymą, įskaitant prieigų laikotarpio ribojimą.

Fulfill this requirement by completing the tasks below ->

This requirement is part of the framework:

Kibernetinio saugumo reikalavimų aprašas (įsk. Nacionalinį kibernetinių incidentų valdymo planą) (Lietuva)

Other requirements of the framework

33: Tiekėjų atrankos kriterijai

Best practices

How to implement:

33: Tiekėjų atrankos kriterijai

This policy on

33: Tiekėjų atrankos kriterijai

provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.

Kibernetinio saugumo subjektas, nustatydamas tiekimo grandinės saugumo valdymo tvarką, turi numatyti tinklų ir informacinių sistemų tiekėjų atrankos kriterijus, apimančius:

tiekėjo atitiktį Apraše nustatytiems kibernetinio saugumo reikalavimams;
kokybės reikalavimus tinklų ir informacinių sistemų produktams, paslaugoms;
prieigų valdymą, įskaitant prieigų laikotarpio ribojimą.

Read below what concrete actions you can take to improve this ->

Frameworks that include requirements for this topic:

No items found.

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to

33: Tiekėjų atrankos kriterijai

Task name

Priority

Task completes

Complete these tasks to increase your compliance in this policy.

Critical

No other tasks found.

Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement

33: Tiekėjų atrankos kriterijai

of the framework

Kibernetinio saugumo reikalavimų aprašas (įsk. Nacionalinį kibernetinių incidentų valdymo planą) (Lietuva)

Task name

Priority

Task completes

Complete these tasks to increase your compliance in this policy.

Critical

Documentation of partner contract status

Critical

High

Normal

Low

Partner management

Agreements and monitoring

Documentation of partner contract status

This task helps you comply with the following requirements

Članak 30.1.d: Sigurnost lanca opskrbe NIS2 Croatia

9.4 §: Toimitusketjun hallinta ja valvonta Kyberturvallisuuslaki

30 § 3.4°: La sécurité de la chaîne d'approvisionnement NIS2 Belgium

30 § 4°: Définir et contrôler les mesures de sécurité requises pour la chaîne d'approvisionnement NIS2 Belgium

2.1.9: Maintain security responsibility during outsourcing NSM ICT-SP

Criteria for suppliers of high priority data systems

Critical

High

Normal

Low

System management

Data system procurement

Criteria for suppliers of high priority data systems

This task helps you comply with the following requirements

Članak 30.1.d: Sigurnost lanca opskrbe NIS2 Croatia

9.4 §: Toimitusketjun hallinta ja valvonta Kyberturvallisuuslaki

1.3.3: Use of approved external IT services TISAX

6.1.1: Partner Information security TISAX

30 § 3.4°: La sécurité de la chaîne d'approvisionnement NIS2 Belgium

Minimum requirements for partner companies to gain access to different levels of information

Critical

High

Normal

Low

Partner management

Supplier security

Minimum requirements for partner companies to gain access to different levels of information

This task helps you comply with the following requirements

15.1.1: Information security policy for supplier relationships ISO 27001

15.1.3: Information and communication technology supply chain ISO 27001

ID.BE-1: Role in supply chain NIST

5.21: Managing information security in the ICT supply chain ISO 27001

6.5: Tietojärjestelmien perustiedot, kuvaukset ja olennaisten vaatimusten täyttyminen Tietoturvasuunnitelma

Criteria for high priority partners

Critical

High

Normal

Low

Partner management

Supplier security

Criteria for high priority partners

This task helps you comply with the following requirements

Članak 30.1.d: Sigurnost lanca opskrbe NIS2 Croatia

9.4 §: Toimitusketjun hallinta ja valvonta Kyberturvallisuuslaki

1.3.3: Use of approved external IT services TISAX

6.1.1: Partner Information security TISAX

30 § 3.4°: La sécurité de la chaîne d'approvisionnement NIS2 Belgium

Prioritization of partners based on criticality

Critical

High

Normal

Low

Partner management

Supplier security

Prioritization of partners based on criticality

This task helps you comply with the following requirements

ID.SC-2: Suppliers and third party partners of information systems NIST

ID.SC-2: Suppliers and third-party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process.CyberFundamentals

GV.SC-04: Prioritizing suppliers by criticality NIST 2.0

5.1.1: Supply chain security policy NIS2 Guide

33: Tiekėjų atrankos kriterijai NIS2 Guide Lithuania

Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way‍

Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.

Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.

Do it once - we automatically apply it to all current and future frameworks.

Start free trial