>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

TPM-04.1Third-Party Risk Assessments & Approvals

Weight: 9

>Control Description

Mechanisms exist to conduct a risk assessment prior to the acquisition or outsourcing of technology-related Technology Assets, Applications and/or Services (TAAS).

>Cross-Framework Mappings

NIST SP 800-53 r5

SA-9(1)
Compare

NIST CSF 2.0

GV.SC-06
Compare
GV.SC-07
Compare
ID.IM-01
Compare
ID.IM-02
Compare
ID.RA-10
Compare

PCI DSS v4.0.1

12.8.3
Compare

CIS Controls v8

15.5
Compare

SOC 2 TSC

CC3.2
Compare
CC3.4
Compare
CC9.2
Compare

FedRAMP Rev 5

SA-9(1)
Compare

NIST AI RMF

MANAGE-3.1

Canada ITSP 10.171

03.11.01.A
Compare
03.17.02
Compare
03.17.03.A
Compare
03.17.03.B
Compare

Australia ISM

ISM-1568
Compare
ISM-1573
Compare
ISM-1787
Compare

New Zealand HISF

HSUP67
Compare
HHSP25
Compare
HML25
Compare

New Zealand HISF Suppliers

HSUP67
Compare

EU DORA

Article 28.4(a)
Compare
Article 28.4(b)
Compare
Article 28.4(c)
Compare
Article 28.4(d)
Compare
Article 28.4(e)
Compare
Article 29.1(a)
Compare
Article 29.1(b)
Compare

SOC 2 TSC (Detailed)

CC3.2-POF8
Compare
CC3.2-POF9
Compare
CC3.4
Compare
CC9.2
Compare
CC9.2-POF2
Compare
CC9.2-POF3
Compare
CC9.2-POF8
Compare
CC9.2-POF11
Compare

CIS Controls v8.1 (Detailed)

15.5
Compare

GovRAMP

SA-09(01)
Compare

ISO 27002:2022

5.19
Compare

NIST SP 800-161

SA-9(1)
Compare

NIST SP 800-171 Rev 3

03.11.01.a
Compare
03.17.02
Compare
03.17.03.a
Compare
03.17.03.b
Compare

NIST SP 800-171A Rev 3

A.03.17.03.a[01]
Compare

NIST AI 600-1

GV-6.1-005
Compare
GV-6.1-006
Compare
GV-6.1-009
Compare

SPARTA

CM0025
Compare

TISAX

1.3.3
Compare
6.1.1
Compare

FCA CRM

609.930(c)(5)(i)
Compare
609.930(c)(5)(iii)
Compare

GLBA (16 CFR 314)

314.4(f)(1)
Compare
314.4(f)(3)
Compare

NY DFS 23 NYCRR 500

500.11(a)(1)
Compare
500.11(a)(3)
Compare

Ask AI

Configure your API key to use AI features.