Navigate

CCI-003088

CCI-003088 Definition

Require that organization-defined controls allocated to organization-defined locations and architectural layers be obtained from different suppliers.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed obtains from different suppliers security safeguards defined in PL-8 (1), CCIs 3083 and 3084 allocated to locations and architectural layers defined in PL-8 (1) CCIs 3085 and 3086.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines procurement records to ensure that different suppliers are used to procure security safeguards defined in PL-8 (1), CCIs 3083 and 3084 allocated to locations and architectural layers defined in PL-8 (1) CCIs 3085 and 3086.

Compelling Evidence

1.) Evidence of procurement records defined in PL-8 (1), CCIs 3083 and 3084 allocated to locations and architectural layers defined in PL-8 (1) CCIs 3085 and 3086.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003088.

Control	Description
PL-8(2)	The organization requires that [one of ] allocated to [one of ] are obtained from different suppliers.