{"id":1818,"date":"2024-08-19T16:49:40","date_gmt":"2024-08-19T16:49:40","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1818"},"modified":"2024-09-05T00:37:21","modified_gmt":"2024-09-05T00:37:21","slug":"sa-9-external-system-services","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/system-and-services-acquisition-sa\/sa-9-external-system-services\/","title":{"rendered":"SA-9: External System Services"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">SA-9: External System Services<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: <\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Privacy Baseline: &nbsp;<\/strong>Yes&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By:<\/strong> &nbsp;07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: \u00a0<\/strong>08\/08\/2024\u00a0<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The information resource owner, or designee, is responsible for:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Requiring that providers of external information system services comply with university information security controls, and applicable federal laws, state laws, executive orders, directives, policies, regulations, standards, and guidance;&nbsp;\n<ul class=\"wp-block-list\">\n<li>In accordance with Texas Department of Information Resources (DIR) Security Control Catalog requirements, information resources assigned from or shared between one state agency to another or from\/between a state agency to a contractor or other third party shall be protected in accordance with the conditions imposed by the providing state agency at a minimum.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Defining and documenting oversight and user roles and responsibilities with regard to external information system services; and&nbsp;<\/li>\n\n\n\n<li>Employing processes and procedures to monitor security control compliance by external service providers on an ongoing basis.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.whitehouse.gov\/sites\/whitehouse.gov\/files\/omb\/circulars\/A130\/a130revised.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">OMB A-130<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-35\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-35<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-160v1\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-160-1<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-161\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-161<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-171r2\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-171<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SA-9: External System Services NIST Baseline: Low&nbsp; Privacy Baseline: &nbsp;Yes&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: \u00a008\/08\/2024\u00a0 References\/Additional Resources OMB A-130&nbsp; SP 800-35&nbsp; SP 800-160-1&nbsp; SP 800-161&nbsp; SP 800-171&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1975,"menu_order":7,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1818","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on August 19, 2024","modified":"Updated on September 5, 2024"},"absolute_dates_time":{"created":"Posted on August 19, 2024 4:49 pm","modified":"Updated on September 5, 2024 12:37 am"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1818"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1818\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1975"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}