An error occurred:

CCI-004787

CCI-004787 Definition

Establish trust relationships with external service providers based on organization-defined privacy requirements, properties, factors, or conditions defining acceptable trust relationships.
Status
Type CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - trust relationships with external service provides based on [SA-09(03)_ODP[01]; security requirements, properties, factors, or conditions defining acceptable trust relationships on which a trust relationship is maintained are defined] are established and documented. - trust relationships with external service provides based on [SA-09(03)_ODP[01]; security requirements, properties, factors, or conditions defining acceptable trust relationships on which a trust relationship is maintained are defined] are maintained. - trust relationships with external service provides based on [SA-09(03)_ODP[02]; privacy requirements, properties, factors, or conditions defining acceptable trust relationships on which a trust relationship is maintained are defined] are established and documented. - trust relationships with external service provides based on [SA-09(03)_ODP[02]; privacy requirements, properties, factors, or conditions defining acceptable trust relationships on which a trust relationship is maintained are defined] are maintained.

Validation Procedures

Examine: [SELECT FROM: System and services acquisition policy; system and services acquisition procedures; acquisition contracts for the system, system component, or system service; acquisition documentation; solicitation documentation; service level agreements; memorandum of understanding; memorandum of agreements; list of organizational security and privacy requirements, properties, factors, or conditions for external provider services; documentation of trust relationships with external service providers; system security plan; privacy plan; supply chain risk management plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with acquisition responsibilities; organizational personnel with information security and privacy responsibilities; external providers of system services; organizational personnel with supply chain risk management responsibilities].