
VM-20 Third-Party Security Assessment

>Control Description

Organization engages qualified managed service providers to perform independent information security assessments.

Theme: Process

Type: Detective

Policy/Standard: Information Security Management Standard

>Implementation Guidance

1. Ensure a process has been defined and documented to engage qualified managed service providers for performing independent information security assessments.
2. Ensure these assessments are performed in accordance with organization requirements.

>Testing Procedure

1. Inspect and validate whether a process has been defined and documented to engage qualified managed service providers for performing independent information security assessments.
2. Validate whether these assessments were performed in accordance with organization requirements.

>Audit Artifacts

E-SG-01
E-VM-20

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
