7123(e)(1)—7123(e)(1)
>Control Description
Describe the business’s information system; and identify (A) the policies, procedures, and practices that the cybersecurity audit assessed; (B) the criteria used for the cybersecurity audit; and (C) the specific evidence examined to make decisions and assessments, such as documents reviewed, sampling and testing performed, and interviews conducted. The cybersecurity audit report must also explain why assessing those policies, procedures, and practices; using those criteria; and examining that specific evidence justify the auditor’s findings.
Ask AI
Configure your API key to use AI features.