IAO-03.2: Adequate Security for Sensitive / Regulated...

IAO-03.2 · Adequate Security for Sensitive / Regulated Data In Support of Contracts

Control Description

Mechanisms exist to protect sensitive/regulated data that is collected, developed, received, transmitted, used or stored in support of the performance of a contract.

Control Question

Assessment question for control validation

Does the organization protect sensitive/regulated data that is collected, developed, received, transmitted, used or stored in support of the performance of a contract?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Protect

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 1 - Strategic

Tier 2 - Operational

Tier 3 - Tactical

Core Control Designations

Special designations and baseline inclusions

ESP Level 1: IAO-03.2

ESP Level 2: IAO-03.2

ESP Level 3: IAO-03.2

Additional Metadata

Applicability (Process):