myctrl.tools
Compare

CP-2(7)Coordinate With External Service Providers

>Control Description

Coordinate the contingency plan with the contingency plans of external service providers to ensure that contingency requirements can be satisfied.

>Cross-Framework Mappings

SCF

BCD-01.2
Compare

>Supplemental Guidance

When the capability of an organization to carry out its mission and business functions is dependent on external service providers, developing a comprehensive and timely contingency plan may become more challenging. When mission and business functions are dependent on external service providers, organizations coordinate contingency planning activities with the external entities to ensure that the individual plans reflect the overall contingency needs of the organization.

>Related Controls

SA-9

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of CP-2(7) (Coordinate With External Service Providers)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring CP-2(7)?
  • How frequently is the CP-2(7) policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures CP-2(7) requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce CP-2(7) requirements.
  • What automated tools, systems, or technologies are deployed to implement CP-2(7)?
  • How is CP-2(7) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce CP-2(7) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of CP-2(7)?
  • What audit logs, records, reports, or monitoring data validate CP-2(7) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of CP-2(7) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate CP-2(7) compliance?

Ask AI

Configure your API key to use AI features.