01
ID.SC: Establish supply chain risk management processes
02
PR.AT: Ensure third-party personnel meet security requirements
03
DE.CM: Monitor third-party service providers continuously
04
RS.MI: Manage vendor incidents through coordinated response
NIST Cybersecurity Framework & SP 800-171
The NIST CSF provides the foundation for federal contractor and critical infrastructure vendor risk management. SP 800-161 specifically addresses supply chain risk.
ID.SC: Establish supply chain risk management processes
PR.AT: Ensure third-party personnel meet security requirements
DE.CM: Monitor third-party service providers continuously
RS.MI: Manage vendor incidents through coordinated response
Automated scoring maps to NIST CSF Identify function.
QFX questionnaires map to SP 800-171 and CMMC requirements.
Satisfies NIST CSF Detect function for third-party monitoring.
Evidence aligned to SP 800-161 supply chain risk management.
NIST compliance is critical for organizations in these sectors.
Assess your first vendors free — no credit card, no contract, no gym membership required.
Try 5 Vendors for Free →