CLD-14 ยท Prohibition On Unverified Hosted Assets, Applications & Services

Control Description

Mechanisms exist to prohibit access to, or usage of, hosted Technology Assets, Applications and/or Services (TAAS) until applicable cybersecurity and data protection control implementation is verified.

Control Question
Assessment question for control validation

Does the organization prohibit access to, or usage of, hosted Technology Assets, Applications and/or Services (TAAS) until applicable cybersecurity and data protection control implementation is verified?

Control Weighting
8
Validation Cadence
Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Core Control Designations
Special designations and baseline inclusions
MAD: CLD-14
Errata & Additional Notes

- wordsmithed control