Skip to main content

πŸ’Ό SA-9(1) Risk Assessments and Organizational Approvals (M)(H)

  • Contextual name: πŸ’Ό SA-9(1) Risk Assessments and Organizational Approvals (M)(H)
  • ID: /frameworks/fedramp-high-security-controls/sa/09/01
  • Located in: πŸ’Ό SA-9 External System Services (L)(M)(H)

Description​

(a) Conduct an organizational assessment of risk prior to the acquisition or outsourcing of information security services; and

(b) Verify that the acquisition or outsourcing of dedicated information security services is approved by [Assignment: organization-defined personnel or roles].

Similar​

  • Sections
    • /frameworks/nist-sp-800-53-r5/sa/09/01
  • Internal
    • ID: dec-c-d80bb49b

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SA-9(1) External System Services _ Risk Assessments and Organizational Approvals

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό SA-9(1) Risk Assessments and Organizational Approvals (M)(H)

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags