CCI-003150

The organization defines security safeguards to employ to ensure that the interests of organization-defined external service providers are consistent with and reflect organizational interests.

Implementation Guidance

The organization being inspected/assessed defines and documents security safeguards to employ to ensure that the interests of organization-defined external service providers are consistent with and reflect organizational interests. DoD has determined the security safeguards are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security safeguards to ensure the organization being inspected/assessed defines security safeguards to employ to ensure that the interests of organization-defined external service providers are consistent with and reflect organizational interests. DoD has determined the security safeguards are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) System security plan (SSP) will define security safeguards to ensure interests of external service providers are consistent with and reflect organizational interests.

The controls below (if any) were marked by NIST as being related to CCI-003150.