STA-09: Third Party Audits

Control Family:

Supply Chain Management, Transparency, and Accountability

CSF v1.1 References:

ID.SC-4
PR.PT-1
DE.CM-6

PF v1.0 References:

ID.DE-P5
CT.DM-P8

Control Statement

Third-party service providers shall demonstrate compliance with information security and confidentiality, access control, service definitions, and delivery level agreements included in third-party contracts. Third-party reports, records, and services shall undergo audit and review at least annually to govern and maintain compliance with the service delivery agreements.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4