💼 ID.AM-04: Inventories of services provided by suppliers are maintained
- ID:
/frameworks/nist-csf-v2.0/id-am/04
Description​
- Inventory all external services used by the organization, including third-party infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) offerings; APIs; and other externally hosted application services
- Update the inventory when a new external service is going to be utilized to ensure adequate cybersecurity risk management monitoring of the organization's use of that service
Similar​
- Sections
/frameworks/nist-csf-v1.1/id-am/04/frameworks/nist-sp-800-53-r5/ac/20/frameworks/nist-sp-800-53-r5/sa/09/frameworks/nist-sp-800-53-r5/sr/02
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.AM-4: External information systems are catalogued | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-20 Use of External Systems | 5 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SA-9 External System Services | 8 | 1 | 1 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan | 1 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|