third-party

third-party Controls

8 controls across 4 frameworks.

CISA CPG

Third-party vendors are required to meet minimum security standards

Governance and Training / Governance and Training

Third-party software and services are inventoried and assessed for risk

Supply Chain / Supply Chain

Verify and control connections to external information systems

Access Control / External Connections

External service provider activities and services are monitored to detect potentially adverse events

Detect / Continuous Monitoring

Outcomes, capabilities, and services that the organization depends on are understood and communicated

Govern / Organizational Context

Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties

Govern / Risk Management Strategy

Inventories of services provided by suppliers are maintained

Identify / Asset Management

Third-party vendor risk is assessed and managed

Security / Risk Mitigation