💼 SA-9(1) External System Services | Risk Assessments and Organizational Approvals

ID: /frameworks/nist-sp-800-53-r5/sa/09/01

Description

(a) Conduct an organizational assessment of risk prior to the acquisition or outsourcing of information security services; and (b) Verify that the acquisition or outsourcing of dedicated information security services is approved by [Assignment: organization-defined personnel or roles].

Similar

Internal
- ID: dec-c-86faef7d

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 FedRAMP High Security Controls → 💼 SA-9(1) Risk Assessments and Organizational Approvals (M)(H)					no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections