CCI-000669
CCI-000669 Definition
Require that providers of external system services comply with organizational security requirements.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents within contracts/agreements, requirements that providers of external information system services comply with any organization-specific information security requirements.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the contracts/agreements to ensure the organization being inspected/assessed requires that providers of external information system services comply with any organization-specific information security requirements.
Compelling Evidence
1.) System security plan (SSP). 2.) Design documentation must contain information system security requirements to be adhered to be external information services