πΌ A.15.2.1 Monitoring and review of supplier services
Descriptionβ
Organizations shall regularly monitor, review and audit supplier
service delivery.
Similarβ
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
| πΌ NIST CSF v1.1 β πΌ DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events | | 7 | 7 | |
| πΌ NIST CSF v1.1 β πΌ DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed | | 19 | 23 | |
| πΌ NIST CSF v1.1 β πΌ ID.BE-1: The organization's role in the supply chain is identified and communicated | | | | |
| πΌ NIST CSF v1.1 β πΌ ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | | | | |
| πΌ NIST CSF v1.1 β πΌ ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process | | 7 | 7 | |
| πΌ NIST CSF v1.1 β πΌ ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations | | 16 | 19 | |
| πΌ NIST CSF v1.1 β πΌ PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access | | 1 | 1 | |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|