CCI-003143

The organization requires providers of organization-defined external information system services to identify the functions, ports, protocols, and other services required for the use of such services.

Implementation Guidance

The organization being inspected/assessed documents within contracts/agreements, the requirement that providers of all external information system services identify the functions, ports, protocols, and other services required for the use of such services. DoD has defined the external information system services as all external information system services.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the contracts/agreements to ensure the organization being inspected/assessed requires that providers of all external information system services identify the functions, ports, protocols, and other services required for the use of such services. DoD has defined the external information system services as all external information system services.

Compelling Evidence

1.) System security plan (SSP) will define and document functions, ports, protocols and services required by organization-defined external information system services.

The controls below (if any) were marked by NIST as being related to CCI-003143.