DE.CM-06—External service provider activities and services are monitored to find potentially adverse events
Control Description
This continuous monitoring subcategory ensures that external service provider activities and services are monitored to find potentially adverse events. Key activities include: Monitor remote and onsite administration and maintenance activities that external providers perform on organizational systems; Monitor activity from cloud-based services, internet service providers, and other service providers for deviations from expected behavior.
Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept Crosswalk
ISO 27001:2022
via NIST OLIR Catalog
Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
LOG-01
LOG-03
LOG-05
LOG-08
TVM-10
CIS Controls v8.0
15.2
15.6
CIS Controls v8.1
15.2
15.6
CRI Profile v2.0
DE.CM-06
DE.CM-06.01
DE.CM-06.02
CSF v1.1
DE.CM-6
DE.CM-7
ISO/IEC 27001:2022
Mandatory Clause: None
Annex A Controls: 5.22
Annex A Controls: 8.16
NICE Framework
DD-WRL-007
IO-WRL-006
OG-WRL-016
PD-WRL-001
PD-WRL-004
PCI DSS
12.8.4
7.2.4
10.2.1
SCF
MON-01
SP 800-171 Rev 3
03.12.03
03.14.06
03.16.03
SP 800-53 Rev 5.1.1
CA-07
PS-07
SA-04
SA-09
SI-04
SP 800-53 Rev 5.2.0
CA-07
PS-07
SA-04
SA-09
SI-04