Navigate

CCI-003147

CCI-003147 Definition

The organization maintains trust relationships with external service providers based on organization-defined security requirements, properties, factors, or conditions defining acceptable trust relationships.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed maintains trust relationships with external service providers based on security requirements, properties, factors, or conditions defining acceptable trust relationships defined in SA-9 (3), CCI 3148.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines a list of trust relationships with external service providers to ensure those relationships are maintained based on security requirements, properties, factors, or conditions defining acceptable trust relationship defined in SA-9 (3), CCI 3148.

Compelling Evidence

1.) System security plan (SSP) will define trust relationships with external service providers required by organization-defined security requirements defined in SA-9(3), CCI 3148.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003147.

Control	Description
SA-9 (3)	The organization establishes, documents, and maintains trust relationships with external service providers based on [Assignment: organization-defined security requirements, properties, factors, or conditions defining acceptable trust relationships].