CIS Controls v8

CIS 15 Service Provider Management

Starts in IG2 | Manage security risk introduced by external providers.

Implementation Actions

Tier providers by risk.
Assess providers on onboarding/renewal.
Track remediation for external findings.

Evidence Examples

Provider inventory and tiers
Assessment reports
Remediation tracking

Suggested Metrics

Critical provider review coverage
Provider finding closure time

Navigation

Back to All 18 CIS Controls NIST CSF 2.0 Guidance FedRAMP Guidance Cybersecurity Glossary