CPL-05.1 ยท Investigation Request Notifications

Control Description

Mechanisms exist to notify customers about investigation request notifications, unless the applicable legal basis for a government agency's action prohibits notification (e.g., potential criminal prosecution).

Control Question
Assessment question for control validation

Does the organization notify customers about investigation request notifications, unless the applicable legal basis for a government agency's action prohibits notification (e.g., potential criminal prosecution)?

Control Weighting
2
Validation Cadence
Annual
NIST CSF Function
Respond
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Additional Metadata
Applicability (Process):
x