STA-14: Supply Chain Data Security Assessment

CSF v1.1 References:

PF v1.0 References:

Previous Version:

Control Statement

Define and implement a process for conducting security assessments periodically for all organizations within the supply chain.

Implementation Guidance

Assessments should validate alignment with applicable industry standards as well as service and contract requirements.

Auditing Guidance

  1. Examine the policy related to the security assessments of the supply chain.
  2. Examine the policy related to identification of risks related to external parties.
  3. Determine if procedures exist for identification of risks related to external parties.
  4. Evaluate evidence of the conduct of assessments of organizations within the supply chain, periodically as required by the policy.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.