πΌ SA-9 External System Services (L)(M)(H)
- Contextual name: πΌ SA-9 External System Services (L)(M)(H)
- ID:
/frameworks/fedramp-high-security-controls/sa/09 - Located in: πΌ System and Services Acquisition
Descriptionβ
a. Require that providers of external system services comply with organizational security and privacy requirements and employ the following controls: [FedRAMP Assignment: Appropriate FedRAMP Security Controls Baseline(s) if Federal information is processed or stored within the external system];
b. Define and document organizational oversight and user roles and responsibilities with regard to external system services; and
c. Employ the following processes, methods, and techniques to monitor control compliance by external service providers on an ongoing basis: [FedRAMP Assignment: Federal/FedRAMP Continuous Monitoring requirements must be met for external systems where Federal information is processed or stored].
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/sa/09
- Internal
- ID:
dec-c-fc6e80de
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ SA-9 External System Services | 8 | 1 | 1 |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP Low Security Controls β πΌ SA-9 External System Services (L)(M)(H) | ||||
| πΌ FedRAMP Moderate Security Controls β πΌ SA-9 External System Services (L)(M)(H) | 3 | 1 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ SA-9(1) Risk Assessments and Organizational Approvals (M)(H) | ||||
| πΌ SA-9(2) Identification of Functions, Ports, Protocols, and Services (M)(H) | ||||
| πΌ SA-9(5) Processing, Storage, and Service Location (M)(H) | 1 |