>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AC-20Use Of External Systems

>Control Description

Enterprises’ external information systems include those of suppliers, developers, system integrators, external system service providers, and other ICT/OT-related service providers. Unlike in an acquirer’s internal enterprise where direct and continuous monitoring is possible, in the external supplier relationship, information may be shared on an as-needed basis and should be articulated in an agreement. Access to the supply chain from such external information systems should be monitored and audited. Enterprises should require their prime contractors to implement this control and flow down this requirement to relevant sub-tier contractors.

>Cross-Framework Mappings

SCF

DCH-13
Compare

Ask AI

Configure your API key to use AI features.