STA-08: Third Party Assessment

CSF v1.1 References:

PF v1.0 References:

Next Version:

Info icon.

The next version of the control set incorporates all or part of this control into: STA-08: Supply Chain Risk Management.

Control Statement

Providers shall assure reasonable information security across their information supply chain by performing an annual review. The review shall include all partners/third party-providers upon which their information supply chain depends on.

[ Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.