Mechanisms exist to define and manage the scope for its attack surface management activities.
Control Question
Assessment question for control validation
Does the organization define and manage the scope for its attack surface management activities?
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Core Control Designations
Special designations and baseline inclusions
MAD: VPM-01.1
ESP Level 1: VPM-01.1
ESP Level 2: VPM-01.1
ESP Level 3: VPM-01.1