SCF - DCH-13.1 - Limits of Authorized Use
Mechanisms exist to prohibit external parties, systems and services from storing, processing and transmitting data unless authorized individuals first:
- Verifying the implementation of required security controls; or
- Retaining a processing agreement with the entity hosting the external systems or service.
Mapped framework controls
NIST 800-53
- AC-20(1)
Control questions
Does the organization prohibit external parties, systems and services from storing, processing and transmitting data unless authorized individuals first:
- Verifying the implementation of required security controls; or
- Retaining a processing agreement with the entity hosting the external systems or service?