Back

Include the management requirements for network services in the Service Level Agreement.


CONTROL ID
12025
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Service Level Agreement framework., CC ID: 00839

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Security mechanisms, service levels and management requirements of all network services shall be identified and included in network services agreements, whether these services are provided in-house or outsourced. (A.13.1.2 Control, ISO 27001:2013, Information Technology - Security Techniques - Information Security Management Systems - Requirements, 2013)
  • Security mechanisms, service levels and management requirements of all network services should be identified and included in network services agreements, whether these services are provided in-house or outsourced. (§ 13.1.2 Control, ISO/IEC 27002:2013(E), Information technology — Security techniques — Code of practice for information security controls, Second Edition)
  • Security mechanisms, service levels and service requirements of network services should be identified, implemented and monitored. (§ 8.21 Control, ISO/IEC 27002:2022, Information security, cybersecurity and privacy protection — Information security controls, Third Edition)
  • DoD application development Zone B instantiated in cloud infrastructure must minimally be implemented in a CSP's CSO that has a Level 2 PA to support pre-production application development with developers accessing the zone via the Internet. Consideration for implementing Zone B in a Level 4/5 CSO f… (Section 5.14 ¶ 8, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)