SAMMY UI is optimized for resolutions with a width 1024px and higher.
Cybersecurity Fundamentals
Browse Cybersecurity...
PR.AT-1: All users are informed and trained
PR.AT-2: Privileged users understand their roles and responsibilities
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities
PR.AT-4: Senior executives understand their roles and responsibilities
PR.AT-5: Physical and cybersecurity personnel understand their roles and responsibilities
Maturity Level 2
Maturity Level 3
PR.AT-3.1
PR.AT-3.1: The organization shall establish and enforce security requirements for business-critical third-party providers and users.
  • Enforcement should include that ‘third party stakeholder’-users (e.g. suppliers, customers, partners) can demonstrate the understanding of their roles and responsibilities.
Description

The organization shall establish and enforce security requirements for business-critical third-party providers and users.

PR.AT-3.2
PR.AT-3.2: Third-party providers shall be required to notify any personnel transfers, termination, or transition involving personnel with physical or logical access to organization's business critical system's components.
  • Third-party providers include, for example, service providers, contractors, and other organizations providing system development, technology services, outsourced applications, or network and security management.
Description

Third-party providers shall be required to notify any personnel transfers, termination, or transition involving personnel with physical or logical access to organization's business critical system's components.

PR.AT-3.3
PR.AT-3.3: The organization shall monitor business critical service providers and users for security compliance.
  • Third party audit results can be used as audit evidence.
Description

The organization shall monitor business critical service providers and users for security compliance.