
💼 SA-9 EXTERNAL INFORMATION SYSTEM SERVICES

Description

The organization:

  • SA-9a. Requires that providers of external information system services comply with organizational information security requirements and employ [Assignment: organization-defined security controls] in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance;
  • SA-9b. Defines and documents government oversight and user roles and responsibilities with regard to external information system services; and
  • SA-9c. Employs [Assignment: organization-defined processes, methods, and techniques] to monitor security control compliance by external service providers on an ongoing basis.

Similar

  • Internal
    • ID: dec-c-d6640165

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events | 66
💼 NIST CSF v1.1 → 💼 ID.AM-4: External information systems are catalogued
💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
💼 NIST CSF v1.1 → 💼 ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Plan
💼 NIST CSF v1.1 → 💼 ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations | 1519
💼 NIST CSF v1.1 → 💼 PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SA-9 (1) RISK ASSESSMENTS / ORGANIZATIONAL APPROVALS
💼 SA-9 (2) IDENTIFICATION OF FUNCTIONS / PORTS / PROTOCOLS / SERVICES
💼 SA-9 (3) ESTABLISH / MAINTAIN TRUST RELATIONSHIP WITH PROVIDERS
💼 SA-9 (4) CONSISTENT INTERESTS OF CONSUMERS AND PROVIDERS
💼 SA-9 (5) PROCESSING, STORAGE, AND SERVICE LOCATION