STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← All Controls

SA-9

System and Services AcquisitionRev 5

External System Services

CCI Identifiers (15)

CCI-000669Require that providers of external system services comply with organizational security requirements.CCI-000670The organization requires that providers of external information system services employ organization-defined security controls in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.CCI-000671The organization defines government oversight with regard to external information system services.CCI-000672The organization documents government oversight with regard to external information system services.CCI-000673The organization defines user roles and responsibilities with regard to external information system services.CCI-000674The organization documents user roles and responsibilities with regard to external information system services.CCI-000675The organization monitors security control compliance by external service providers.CCI-003137The organization defines security controls that providers of external information system services employ in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.CCI-003138Employ organization-defined processes, methods, and techniques to monitor control compliance by external service providers on an ongoing basis.CCI-003139Defines processes, methods, and techniques to employ to monitor control compliance by external service providers on an ongoing basis.CCI-004782Require that providers of external system services comply with organizational privacy requirements.CCI-004783Require that providers of external system services employ organization-defined controls.CCI-004784Defines the controls for complying with organizational security and privacy requirements.CCI-004785Define and document organizational oversight with regard to external system services.CCI-004786Define and document user roles and responsibilities with regard to external system services.

Linked STIG Checks (0)

No STIG checks reference this control.