Security Controls

🛡️ Security Controls

Relevant security controls from major frameworks:

CIS Critical Security Controls® v8.0

12.815.115.215.5
Hide Control Details (4 controls)
12.8Establish and maintain an inventory of service providers. The inventory is to list all known service providers, include classification(s), and designate an enterprise contact for each service provider. Review and update the inventory annually, or when significant enterprise changes occur that could impact this Safeguard.
DevicesProtect
Establish and maintain dedicated computing resources, either physically or logically separated, for all administrative tasks or tasks requiring administrative access. The computing resources should be segmented from the enterprise's primary network and not be allowed internet access.
15.1Establish and Maintain an Inventory of Service Providers
N/AIdentify
Establish and manage an updated inventory of third-party components used in development, often referred to as a “bill of materials,” as well as components slated for future use. This inventory is to include any risks that each third-party component could pose. Evaluate the list at least monthly to identify any changes or updates to these components, and validate that the component is still supported. 
15.2Establish and Maintain a Service Provider Management Policy
N/AIdentify
Establish and maintain a service provider management policy. Ensure the policy addresses the classification, inventory, assessment, monitoring, and decommissioning of service providers. Review and update the policy annually, or when significant enterprise changes occur that could impact this Safeguard.
15.5Assess Service Providers
N/AIdentify
Assign key roles and responsibilities for incident response, including staff from legal, IT, information security, facilities, public relations, human resources, incident responders, and analysts, as applicable. Review annually, or when significant enterprise changes occur that could impact this Safeguard.
Attribution

Copyright Notice
© 2025 Center for Internet Security, Inc. ("CIS"). All rights reserved.

License
This product/service incorporates the CIS Critical Security Controls® with the express permission of the Center for Internet Security, Inc. Use of the CIS Controls in this commercial offering is authorized under a commercial license granted by CIS.

Trademark Notice
"CIS®" and "CIS Critical Security Controls®" are registered trademarks of the Center for Internet Security, Inc. and are used under license.

Source Reference
The original CIS Critical Security Controls are available, free of charge for non-commercial use, at: https://www.cisecurity.org/controls.

Disclaimer
CIS does not endorse, certify, or warrant this product/service. Any views or interpretations are those of Paranoid Cybersecurity, not CIS.