Navigate

CCI-003216

CCI-003216 Definition

The organization establishes inter-organizational agreements with entities involved in the supply chain for the information system, system component, or information system service.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed establishes and documents inter-organizational agreements with entities involved in the supply chain for the information system, system component, or information system service.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented inter-organizational agreements to ensure the organization being inspected/assessed establishes inter-organizational agreements with entities involved in the supply chain for the information system, system component, or information system service.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for establishing inter-organizational agreements with entities involved with supply chain elements, processes and actors associated with the information system, system components or information system service.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003216.

Control	Description
SA-12 (12)	The organization establishes inter-organizational agreements and procedures with entities involved in the supply chain for the information system, system component, or information system service.