Back

Include roles and responsibilities in system acquisition contracts.


CONTROL ID
14765
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system acquisition contracts., CC ID: 14758

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., FedRAMP Security Controls High Baseline, Version 5)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., FedRAMP Security Controls Low Baseline, Version 5)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and (SA-4h., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)