SA-9(1)—External Information System Services
PBMM (P2)
Secret (P2)
Management
Control Description
EXTERNAL INFORMATION SYSTEMS | RISK ASSESSMENTS / ORGANIZATIONAL APPROVALS
(a) The organization conducts an organizational assessment of risk prior to the acquisition or outsourcing of dedicated information security services; and
(b) The organization ensures that the acquisition or outsourcing of dedicated information security services is approved by organization-defined personnel or roles.
Supplemental Guidance
Dedicated information security services include, for example, incident monitoring, analysis and response, operation of information security-related devices such as firewalls, or key management services. Related controls: CA-6, RA-3.