Jeremy Pickett 11/15/24 Jeremy Pickett 11/15/24

PR.AC-1: Identity Management, Authentication and Access Control

Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.

Jeremy Pickett 11/14/24 Jeremy Pickett 11/14/24

ID.SC-5: Supply Chain Risk Management

Response and recovery planning and testing are conducted with suppliers and third-party providers.

Jeremy Pickett 11/13/24 Jeremy Pickett 11/13/24

ID.SC-4: Supply Chain Risk Management

Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.

Jeremy Pickett 11/12/24 Jeremy Pickett 11/12/24

ID.SC-3: Supply Chain Risk Management

Suppliers and third-party partners are identified, prioritized, and assessed using a cybersecurity risk assessment process.

Jeremy Pickett 11/11/24 Jeremy Pickett 11/11/24

ID.SC-2: Supply Chain Risk Management

Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders.

Jeremy Pickett 11/8/24 Jeremy Pickett 11/8/24

ID.SC-1: Supply Chain Risk Management

Cybersecurity risks to organizational assets are identified and managed.

Jeremy Pickett 11/7/24 Jeremy Pickett 11/7/24

ID.RM-3: Risk Management Strategy

The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector-specific risk analysis.

Jeremy Pickett 11/6/24 Jeremy Pickett 11/6/24

ID.RM-2: Risk Management Strategy

Organizational risk tolerance is determined and clearly expressed.

Jeremy Pickett 11/5/24 Jeremy Pickett 11/5/24

ID.RM-1: Risk Management Strategy

Risk management processes are established, managed, and agreed to by organizational stakeholders.

Jeremy Pickett 11/4/24 Jeremy Pickett 11/4/24

ID.RA-6: Risk Assessment

Risk responses are identified and prioritized.

Jeremy Pickett 10/31/24 Jeremy Pickett 10/31/24

ID.RA-4: Risk Assessment

Potential business impacts and likelihoods are identified.

Jeremy Pickett 10/25/24 Jeremy Pickett 10/25/24

—ID.GV-4: Governance

Governance and risk management processes address cybersecurity risks.

Contact: jeremy@japhontech.com : : japhontech, LLC