CCI-003146
CCI-003146 Definition
Document trust relationships with external service providers based on organization-defined security requirements, properties, factors, or conditions defining acceptable trust relationships.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents trust relationships with external service providers based on security requirements, properties, factors, or conditions defining acceptable trust relationships defined in SA-9 (3), CCI 3148.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the list of trust relationship with external service providers to ensure it is documented.
Compelling Evidence
1.) System security plan (SSP) will define trust relationships with external service providers required by organization-defined security requirements defined in SA-9(3), CCI 3148.