CCI-003148

The organization defines security requirements, properties, factors, or conditions defining acceptable trust relationships with external service providers.

Implementation Guidance

The organization being inspected/assessed defines and documents security requirements, properties, factors, or conditions defining acceptable trust relationships with external service providers. DoD has determined the security requirements, properties, factors, or conditions are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security requirements, properties, factors, or conditions to ensure the organization being inspected/assessed defines security requirements, properties, factors, or conditions defining acceptable trust relationships with external service providers. DoD has determined the security requirements, properties, factors, or conditions are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) System security plan (SSP) will define trust relationships with external service providers required by organization-defined security requirements defined in SA-9(3), CCI 3148.

The controls below (if any) were marked by NIST as being related to CCI-003148.