compliance controls are associated with this Policy definition 'Obtain functional properties of security controls' (44b71aa8-099d-8b97-1557-0e853ec38e0d)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | SA-4(1) | FedRAMP_High_R4_SA-4(1) | FedRAMP High SA-4 (1) | System And Services Acquisition | Functional Properties Of Security Controls | Shared | n/a | The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed. Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5. | link | 1 |
| FedRAMP_Moderate_R4 | SA-4(1) | FedRAMP_Moderate_R4_SA-4(1) | FedRAMP Moderate SA-4 (1) | System And Services Acquisition | Functional Properties Of Security Controls | Shared | n/a | The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed. Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5. | link | 1 |
| hipaa | 17101.10a3Organizational.6-10.a | hipaa-17101.10a3Organizational.6-10.a | 17101.10a3Organizational.6-10.a | 17 Risk Management | 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems | Shared | n/a | The organization requires the developer of the information system, system component, or information system service to provide specific control design and implementation information. | | 7 |
| NIST_SP_800-53_R4 | SA-4(1) | NIST_SP_800-53_R4_SA-4(1) | NIST SP 800-53 Rev. 4 SA-4 (1) | System And Services Acquisition | Functional Properties Of Security Controls | Shared | n/a | The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed. Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5. | link | 1 |
| NIST_SP_800-53_R5 | SA-4(1) | NIST_SP_800-53_R5_SA-4(1) | NIST SP 800-53 Rev. 5 SA-4 (1) | System and Services Acquisition | Functional Properties of Controls | Shared | n/a | Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented. | link | 1 |
| PCI_DSS_v4.0 | 12.8.2 | PCI_DSS_v4.0_12.8.2 | PCI DSS v4.0 12.8.2 | Requirement 12: Support Information Security with Organizational Policies and Programs | Risk to information assets associated with third-party service provider (TPSP) relationships is managed | Shared | n/a | Written agreements with TPSPs are maintained as follows: • Written agreements are maintained with all TPSPs with which account data is shared or that could affect the security of the CDE. • Written agreements include acknowledgments from TPSPs that they are responsible for the security of account data the TPSPs possess or otherwise store, process, or transmit on behalf of the entity, or to the extent that they could impact the security of the entity’s CDE. | link | 15 |
| PCI_DSS_v4.0 | 12.8.5 | PCI_DSS_v4.0_12.8.5 | PCI DSS v4.0 12.8.5 | Requirement 12: Support Information Security with Organizational Policies and Programs | Risk to information assets associated with third-party service provider (TPSP) relationships is managed | Shared | n/a | Information is maintained about which PCI DSS requirements are managed by each TPSP, which are managed by the entity, and any that are shared between the TPSP and the entity. | link | 13 |