Куда я попал?
CIS Critical Security Controls v8 (The 18 CIS CSC)
Framework
Service Provider
Для проведения оценки соответствия по документу войдите в систему.
Список требований
-
15.1 Establish and Maintain an Inventory of Service Providers
Establish and maintain an inventory of service providers. The inventory is to list all known service providers, include classification(s), and designate an enterprise contact for each service provider. Review and update the inventory annually, or when significant enterprise changes occur that could impact this Safeguard.Обязательно для implementation Group 1 2 3 -
15.2 Establish and Maintain a Service Provider Management Policy
Establish and maintain a service provider management policy. Ensure the policy addresses the classification, inventory, assessment, monitoring, and decommissioning of service providers. Review and update the policy annually, or when significant enterprise changes occur that could impact this Safeguard.Обязательно для implementation Group 2 3 -
15.6 Monitor Service Providers
Monitor service providers consistent with the enterprise’s service provider management policy. Monitoring may include periodic reassessment of service provider compliance, monitoring service provider release notes, and dark web monitoring.Обязательно для implementation Group 3
Связанные защитные меры
Название | Дата | Влияние | ||
---|---|---|---|---|
Community
27 / 123
|
Ведение реестра информационных активов
Вручную
Организационная
16.03.2022
|
16.03.2022 | 27 / 123 |