The selection of products and services includes consideration of their cybersecurity capabilities, at least in an ad hoc manner
Context and Guidance: The cybersecurity requirements for products and services might include, for example, ability to disable certain functionality of a product, a clear understanding of components used in a product, and terms of service for a service that meet cybersecurity requirements.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: THIRD-PARTIES-2b, THIRD-PARTIES-2i, THIRD-PARTIES-2j, THIRD-PARTIES-2k, THIRD-PARTIES-2l, THIRD-PARTIES-2m.