SEF-08: Points of Contact Maintenance

CSF v1.1 References:

PF v1.0 References:

Previous Version:

Control Statement

Maintain points of contact for applicable regulation authorities, national and local law enforcement, and other legal jurisdictional authorities.

Implementation Guidance

Maintain points of contact by establishing liaisons and preparing them for any investigations requiring rapid engagement with law enforcement. Document and update security incident contact information regularly. Additionally, processes and responsibilities should be documented and maintained for information accuracy that reflects organizational changes to internal operations and external regulatory environments. Personnel sending security notifications should use these identified contacts.

Auditing Guidance

  1. Examine the process used to determine applicable points of contact, and the procedure for reviewing the list/documentation that contains them.
  2. Verify if the organization has updated the list of points of contact for applicable regulation authorities, national and local law enforcement, and other legal jurisdictional authorities.
  3. Examine when the last updates were done and if there is a schedule for reviewing and updating these contacts.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.