SAT-03.4 ยท Vendor Cybersecurity & Data Protection Training

Control Description

Mechanisms exist to incorporate vendor-specific security training in support of new technology initiatives.

Control Question
Assessment question for control validation

Does the organization incorporate vendor-specific security training in support of new technology initiatives?

Control Weighting
7
Validation Cadence
Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Errata & Additional Notes

- wordsmithed control - renamed