CCI-003075
CCI-003075 Definition
Develop security architectures for the system that describe any assumptions about, and dependencies on, external systems and services.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed describes within the information security architecture for the information system, any information security assumptions about, and dependencies on, external services.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the information security architecture to ensure the organization being inspected/assessed describes within the information security architecture for the information system, any information security assumptions about, and dependencies on, external services.
Compelling Evidence
1.) Current documented information security architecture which identifies any information security assumptions about, and dependencies on, external services.