CLD-13
Hosted Assets, Applications & Services
Description
Mechanisms exist to specify applicable cybersecurity and data protection controls that must be implemented on external Technology Assets, Applications and/or Services (TAAS), consistent with the contractual obligations established with the External Service Providers (ESP) owning, operating and/or maintaining external TAAS.
Control Question
Does the organization specify applicable cybersecurity and data protection controls that must be implemented on external Technology Assets, Applications and/or Services (TAAS), consistent with the contractual obligations established with the External Service Providers (ESP) owning, operating and/or maintaining external TAAS?
Control Metadata
Domain:
Cloud Security
Validation Cadence:
Annual