Navigate

CCI-003146

CCI-003146 Definition

The organization documents trust relationships with external service providers based on organization-defined security requirements, properties, factors, or conditions defining acceptable trust relationships.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents trust relationships with external service providers based on security requirements, properties, factors, or conditions defining acceptable trust relationships defined in SA-9 (3), CCI 3148.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the list of trust relationship with external service providers to ensure it is documented.

Compelling Evidence

1.) System security plan (SSP) will define trust relationships with external service providers required by organization-defined security requirements defined in SA-9(3), CCI 3148.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003146.

Control	Description
SA-9 (3)	The organization establishes, documents, and maintains trust relationships with external service providers based on [Assignment: organization-defined security requirements, properties, factors, or conditions defining acceptable trust relationships].