|
control enhancementSA-9(1)
Risk Assessments and Organizational Approvals (SA-9(1))
Conduct an organizational assessment of risk prior to the acquisition or outsourcing of information security services; and Verify that the acquisition or outsourcing of dedicated information security services is approved by [organization-defined].
acquisitionsdlcservicessupply-chainenhancement
Why These Connect
Enhances1
These enhancements add specific capabilities or refinements to the base control.