>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SA-9External System Services

>Control Description

a

Require that providers of external system services comply with organizational security and privacy requirements and employ the following controls: organization-defined controls;

b

Define and document organizational oversight and user roles and responsibilities with regard to external system services; and

c

Employ the following processes, methods, and techniques to monitor control compliance by external service providers on an ongoing basis: organization-defined processes, methods, and techniques.

>Related Controls

AC-20
CA-3
CP-2
IR-4
IR-7
PL-10
PL-11
PS-7
SA-2
SA-4
SR-3
SR-5

Ask AI

Configure your API key to use AI features.