15.3: Classify Service Providers
CSF v1.1 References:
PF v1.0 References:
Control is new to this version of the control set.
Control Statement
Classify service providers. Classification consideration may include one or more characteristics, such as data sensitivity, data volume, availability requirements, applicable regulations, inherent risk, and mitigated risk. Update and review classifications annually, or when significant enterprise changes occur that could impact this Safeguard.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]