Manual Examination SA_09_1_I

This NIST 800-53 report is posted on the Internet to promote Version 3.0 of LJK/Security . The corresponding vulnerability report for your own system should be guarded more carefully, such as by being reviewed only from local HTML disk files rather than via a web server.
Return to Main Page
Manual Examination SA_09_1_I_1

FIPS 199 High Impact (for ICS)

Findings Color Code
Satisfied
Other Than Satisfied - not assessed
Other Than Satisfied - failed

NIST SP 800-53A SA-09 .01(i)

Question: Do the system and services acquisition policy and the procedures addressing external information system services specify that the organization require that providers of external information system services employ adequate security controls in accordance with applicable laws, Executive Orders, directives, policies, regulations, standards, guidance, and established service-level agreements ?

Answered by: BOSTON::JOHNSON

As part of Manual Examination group: POLICY_SA

Answer: YES

This NIST 800-53 report is posted on the Internet to promote Version 3.0 of LJK/Security . The corresponding vulnerability report for your own system should be guarded more carefully, such as by being reviewed only from local HTML disk files rather than via a web server.