CPL-03.2 ยท Functional Review Of Cybersecurity & Data Protection Controls

Control Description

Mechanisms exist to regularly review Technology Assets, Applications and/or Services (TAAS) for adherence to the organization's cybersecurity and data protection policies and standards.

Control Question
Assessment question for control validation

Does the organization regularly review Technology Assets, Applications and/or Services (TAAS) for adherence to its cybersecurity and data protection policies and standards?

Control Weighting
8
Validation Cadence
Quarterly
NIST CSF Function
Detect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: CPL-03.2
ESP Level 1: CPL-03.2
ESP Level 2: CPL-03.2
ESP Level 3: CPL-03.2
Additional Metadata
Applicability (Process):
x
Errata & Additional Notes

- wordsmithed control