>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

12.4.2Additional requirement for service providers only: Reviews are performed at least once every three months to confirm personnel are performing their tasks in accordance with all security policies and all operational procedures.

>Requirement Description

Additional requirement for service providers only: Reviews are performed at least once every three months to confirm personnel are performing their tasks in accordance with all security policies and all operational procedures. Reviews are performed by personnel other than those responsible for performing the given task and include, but not limited to, the following tasks: Daily log reviews. Configuration reviews for network security controls. Applying configuration standards to new systems. Responding to security alerts. Change-management processes. Applicability Notes This requirement applies only when the entity being assessed is a service provider.

>Cross-Framework Mappings

NIST CSF 2.0

via NIST OLIR Catalog
GV.OV-01
Compare
GV.OV-02
Compare
GV.OV-03
Compare
ID.IM-01
Compare

SCF

CFG-02.1
Compare
CFG-02.9
Compare
CFG-03.1
Compare
CHG-01
Compare
CHG-02
Compare
CLD-12
Compare
CPL-01
Compare
CPL-01.1
Compare
CPL-03
Compare
CPL-03.2
Compare
MON-01.8
Compare
TPM-05
Compare
TPM-08
Compare

Ask AI

Configure your API key to use AI features.