DE.CM-06: External service provider activities and services are monitored to find potentially adverse events


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Monitor remote and onsite administration and maintenance activities that external providers perform on organizational systems

Ex2: Monitor activity from cloud-based services, internet service providers, and other service providers for deviations from expected behavior

3rd: 3rd Party Risk