AST-17
Prohibited Equipment & Services
Description
Mechanisms exist to govern Supply Chain Risk Management (SCRM) sanctions that require the removal and prohibition of certain Technology Assets, Applications and/or Services (TAAS) that are designated as supply chain threats by a statutory or regulatory body.
Control Question
Does the organization govern Supply Chain Risk Management (SCRM) sanctions that require the removal and prohibition of certain Technology Assets, Applications and/or Services (TAAS) that are designated as supply chain threats by a statutory or regulatory body?
Control Metadata
Domain:
Asset Management
Validation Cadence:
Semi-Annual
Evidence Request List:
E-AST-10