Implement policies requiring all CSPs throughout the supply chain to comply with information security, confidentiality, access control, privacy, audit, personnel policy and service level requirements and standards.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Periodically review the organization's supply chain partners' IT governance policies and procedures.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define and implement a process for conducting security assessments periodically for all organizations within the supply chain.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to identify, report and prioritize the remediation of vulnerabilities, in order to protect systems against vulnerability exploitation. Review and update the policies and procedures at least annually.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect against malware on managed assets. Review and update the policies and procedures at least annually.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define, implement and evaluate processes, procedures and technical measures to enable both scheduled and emergency responses to vulnerability identifications, based on the identified risk.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define, implement and evaluate processes, procedures and technical measures to update detection tools, threat signatures, and indicators of compromise on a weekly, or more frequent basis.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define, implement and evaluate processes, procedures and technical measures to identify updates for applications which use third party or open source libraries according to the organization's vulnerability management policy.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define, implement and evaluate processes, procedures and technical measures for the periodic performance of penetration testing by independent third parties.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define, implement and evaluate processes, procedures and technical measures for the detection of vulnerabilities on organizationally managed assets at least monthly.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Passcode