CLD-13.2 ยท Sensitive / Regulated Data On Hosted Assets, Applications & Services

Control Description

Mechanisms exist to define formal processes to store, process and/or transmit sensitive/regulated data using External Service Providers (ESP) owned, operated and/or maintained external Technology Assets, Applications and/or Services (TAAS), in accordance with all applicable statutory, regulatory and/or contractual obligations.

Control Question
Assessment question for control validation

Does the organization define formal processes to store, process and/or transmit sensitive/regulated data using External Service Providers (ESP) owned, operated and/or maintained external Technology Assets, Applications and/or Services (TAAS), in accordance with all applicable statutory, regulatory and/or contractual obligations?

Control Weighting
9
Validation Cadence
Semi-Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Core Control Designations
Special designations and baseline inclusions
MAD: CLD-13.2
Additional Metadata
Applicability (Process):
x
Errata & Additional Notes

- wordsmithed control