>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

TPM-05Third-Party Contract Requirements

Weight: 10

>Control Description

Mechanisms exist to require contractual requirements for cybersecurity and data protection requirements with third-parties, reflecting the organization's needs to protect its Technology Assets, Applications, Services and/or Data (TAASD).

>Cross-Framework Mappings

NIST SP 800-53 r5

SR-3(3)
Compare

NIST CSF 2.0

GV.OC-02
Compare
GV.OC-03
Compare
GV.SC-02
Compare
GV.SC-05
Compare
GV.SC-06
Compare

PCI DSS v4.0.1

12.4.2
Compare
12.4.2.1
Compare
12.8.2
Compare
12.8.5
Compare
12.9.1
Compare
12.9.2
Compare
8.2.3
Compare

CIS Controls v8

15.4
Compare

SOC 2 TSC

CC1.1
Compare
CC2.3
Compare
CC9.1
Compare
CC9.2
Compare
P6.4
Compare

CMMC v2.0

AC.L1-B.1.I
Compare
AC.L2-3.1.1
Compare

NIST SP 800-171

3.1.1
Compare

Canada ITSP 10.171

03.01.20.B
Compare
03.01.20.C.01
Compare
03.01.20.C.02
Compare
03.07.06.A
Compare
03.16.03.A
Compare
03.16.03.B
Compare
03.16.03.C
Compare
03.17.02
Compare
03.17.03.B
Compare

Australia ISM

ISM-0072
Compare
ISM-1395
Compare
ISM-1451
Compare
ISM-1569
Compare
ISM-1571
Compare
ISM-1572
Compare
ISM-1573
Compare
ISM-1574
Compare
ISM-1575
Compare
ISM-1738
Compare

China Cybersecurity Law

Article 36
Compare

India DPDPA

8(7)(b)
Compare

India SEBI Guidelines

GV.OC.S3
Compare
GV.SC.S3
Compare
GV.SC.S8
Compare
PR.AT.S3
Compare

New Zealand HISF

HSUP63
Compare
HSUP68
Compare
HHSP09
Compare
HHSP36
Compare
HHSP72
Compare
HML09
Compare
HML36
Compare
HML72
Compare
HMS06
Compare

New Zealand HISF Suppliers

HSUP63
Compare
HSUP68
Compare

EU DORA

Article 28.1(a)
Compare
Article 29.2
Compare
Article 30.1
Compare
Article 30.2
Compare
Article 30.2(a)
Compare
Article 30.2(b)
Compare
Article 30.2(c)
Compare
Article 30.2(d)
Compare
Article 30.2(e)
Compare
Article 30.2(f)
Compare
Article 30.2(g)
Compare
Article 30.2(h)
Compare
Article 30.2(i)
Compare
Article 30.3
Compare
Article 30.3(a)
Compare
Article 30.3(b)
Compare
Article 30.3(c)
Compare
Article 30.3(d)
Compare
Article 30.3(e)(i)
Compare
Article 30.3(e)(ii)
Compare
Article 30.3(e)(iii)
Compare
Article 30.3(e)(iv)
Compare
Article 30.3(f)(i)
Compare
Article 30.4
Compare

Saudi Arabia IoT Guidelines

4-1-1
Compare
4-2-5
Compare

Saudi Arabia PDPL

Article 8
Compare

UK DEF STAN 05-138

1401.0
Compare
2323.0
Compare

SOC 2 TSC (Detailed)

CC1.1-POF5
Compare
CC2.3-POF2
Compare
CC2.3-POF6
Compare
CC2.3-POF7
Compare
CC2.3-POF10
Compare
CC2.3-POF11
Compare
CC2.3-POF12
Compare
CC9.1
Compare
CC9.2-POF1
Compare
CC9.2-POF5
Compare
CC9.2-POF6
Compare
CC9.2-POF9
Compare
CC9.2-POF10
Compare
P6.4-POF3
Compare

CIS Controls v8.1 (Detailed)

15.4
Compare

ISO 27002:2022

5.2
Compare
5.19
Compare
5.21
Compare
5.31
Compare
6.6
Compare
8.3
Compare
8.21
Compare

ISO 27701

6.1.3(h)
Compare

ISO 42001:2023 (Detailed)

A.10.2
Compare
A.10.3
Compare

NAIC Model Law 668

4.F(2)
Compare

NIST SP 800-161

SA-9(3)
Compare
SR-3(3)
Compare

NIST SP 800-171 Rev 3

03.01.20.b
Compare
03.01.20.c.01
Compare
03.01.20.c.02
Compare
03.07.06.a
Compare
03.16.03.a
Compare
03.16.03.b
Compare
03.16.03.c
Compare
03.17.02
Compare
03.17.03.b
Compare

NIST SP 800-171A Rev 3

A.03.16.03.ODP[01]
Compare
A.03.16.03.a
Compare

NIST SP 800-218 SSDF

PO.1
Compare

NIST AI 600-1

GV-6.1-004
Compare
GV-6.1-010
Compare
GV-6.2-007
Compare

TISAX

1.2.4
Compare
1.3.3
Compare
6.1.1
Compare
8.2.1
Compare
8.2.2
Compare
8.3.1
Compare

Data Privacy Management Principles

10.3
Compare

45 CFR 155.260

155.260(b)(2)
Compare
155.260(b)(2)(i)
Compare
155.260(b)(2)(ii)
Compare
155.260(b)(2)(iii)
Compare
155.260(b)(2)(iv)
Compare

FBI CJIS

5.1.1.2
Compare
5.1.1.3
Compare
5.1.1.4
Compare
5.1.1.5
Compare
5.1.1.6
Compare
5.1.1.7
Compare
5.1.1.8
Compare
5.1.4
Compare

US Data Privacy Framework

II.3.a
Compare
II.3.b
Compare
II.7.d
Compare
III.10.a.i
Compare
III.10.a.ii.1
Compare
III.10.a.ii.2
Compare
III.10.a.ii.3
Compare
III.10.a.iii
Compare

CISA CPG

1.G
Compare
1.H
Compare

CMMC 2.0 Level 1

AC.L1-B.1.I
Compare

FCA CRM

609.930(c)(4)
Compare
609.930(c)(5)(ii)
Compare

GLBA (16 CFR 314)

314.4(a)
Compare
314.4(a)(1)
Compare
314.4(a)(2)
Compare
314.4(a)(3)
Compare

HIPAA Simplification 2013

§ 164.308(b)(1)
Compare
§ 164.308(b)(2)
Compare
§ 164.308(b)(3)
Compare
§ 164.314(a)(2)(iii)
Compare
§ 164.314(b)(1)
Compare
§ 164.314(b)(2)(i)
Compare
§ 164.314(b)(2)(ii)
Compare
§ 164.314(b)(2)(iii)
Compare
§ 164.502(a)(4)(i)
Compare
§ 164.502(a)(4)(ii)
Compare
§ 164.502(e)(1)(i)
Compare
§ 164.502(e)(2)
Compare
§ 164.504(e)(2)(i)
Compare
§ 164.504(e)(2)(i)(A)
Compare
§ 164.504(e)(2)(i)(B)
Compare
§ 164.504(e)(2)(ii)(J)
Compare
§ 164.504(e)(4)(i)(B)(ii)(B)(1)
Compare
§ 164.504(e)(4)(i)(B)(ii)(B)(2)
Compare
§ 164.504(f)(1)(i)
Compare
§ 164.504(f)(2)(i)
Compare
§ 164.504(f)(2)(ii)
Compare
§ 164.504(f)(2)(ii)(A)
Compare
§ 164.504(f)(2)(ii)(B)
Compare
§ 164.504(f)(2)(ii)(C)
Compare
§ 164.504(f)(2)(ii)(D)
Compare
§ 164.504(f)(2)(ii)(E)
Compare
§ 164.504(f)(2)(ii)(F)
Compare
§ 164.504(f)(2)(ii)(G)
Compare
§ 164.504(f)(2)(ii)(H)
Compare
§ 164.504(f)(2)(ii)(I)
Compare
§ 164.504(f)(2)(ii)(J)
Compare
§ 164.504(f)(2)(iii)(A)
Compare
§ 164.504(f)(2)(iii)(B)
Compare
§ 164.504(f)(2)(iii)(C)
Compare
§ 164.504(f)(3)(i)
Compare
§ 164.504(f)(3)(ii)
Compare
§ 164.504(f)(3)(iii)
Compare
§ 164.504(f)(3)(iv)
Compare

SEC Cybersecurity Rule

17 CFR 229.106(b)(1)(iii)
Compare

NY DFS 23 NYCRR 500

500.2(d)
Compare
500.10(a)(1)
Compare
500.10(b)
Compare
500.11(a)(1)
Compare
500.11(a)(2)
Compare
500.11(b)
Compare
500.11(b)(1)
Compare
500.11(b)(2)
Compare
500.11(b)(3)
Compare
500.11(b)(4)
Compare

Oregon CPA

Section 6(2)(a)
Compare
Section 6(2)(b)
Compare
Section 6(2)(c)
Compare
Section 6(2)(d)
Compare
Section 6(2)(e)
Compare
Section 6(2)(f)
Compare
Section 6(2)(g)
Compare
Section 6(2)(h)
Compare

Texas CDPA

541.104(a)
Compare
541.104(b)
Compare

Virginia CDPA

59.1-579.B.5
Compare

Ask AI

Configure your API key to use AI features.