DCH-13.3 ยท Protecting Sensitive / Regulated Data on External Technology Assets, Applications and/or Services (TAAS)

Control Description

Mechanisms exist to ensure that the requirements for the protection of sensitive/regulated data processed, stored or transmitted on external Technology Assets, Applications and/or Services (TAAS), are implemented in accordance with applicable statutory, regulatory and contractual obligations.

Control Question
Assessment question for control validation

Does the organization ensure that the requirements for the protection of sensitive/regulated data processed, stored or transmitted on external Technology Assets, Applications and/or Services (TAAS), are implemented in accordance with applicable statutory, regulatory and contractual obligations?

Control Weighting
10
Validation Cadence
Semi-Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
ESP Level 2: DCH-13.3
ESP Level 3: DCH-13.3
Errata & Additional Notes

- wordsmithed control - renamed - updated mapping CMMC Level 1 & FAR 52.204-21