15.3: Classify Service Providers

CSF v1.1 References:

CSF v2.0 References:

PF v1.0 References:


Info icon.

Control is new to this version of the control set.

Control Statement

Classify service providers. Classification consideration may include one or more characteristics, such as data sensitivity, data volume, availability requirements, applicable regulations, inherent risk, and mitigated risk. Update and review classifications annually, or when significant enterprise changes occur that could impact this Safeguard.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]