CCI-003088
CCI-003088 Definition
Require that organization-defined controls allocated to organization-defined locations and architectural layers be obtained from different suppliers.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed obtains from different suppliers security safeguards defined in PL-8 (1), CCIs 3083 and 3084 allocated to locations and architectural layers defined in PL-8 (1) CCIs 3085 and 3086.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines procurement records to ensure that different suppliers are used to procure security safeguards defined in PL-8 (1), CCIs 3083 and 3084 allocated to locations and architectural layers defined in PL-8 (1) CCIs 3085 and 3086.
Compelling Evidence
1.) Evidence of procurement records defined in PL-8 (1), CCIs 3083 and 3084 allocated to locations and architectural layers defined in PL-8 (1) CCIs 3085 and 3086.