Description
The organization employs appropriate management, operational, and technical information system security controls at alternate work sites.
Supplemental Guidance
The organization provides a means for employees to communicate with information system security staff in case of security problems. NIST Special Publication 800-46 provides guidance on security in telecommuting and broadband communications.
Changes from Rev 4
Control text requires determining and documenting allowable alternate work sites New parameter includes specifying alternate work sites Discussion expanded to benefits of assessing effectiveness of applied controls
Enhancements
(0) None.
Compliance Mappings
ISO 27001:2022
A.6.7
ISO 27002:2022
6.7
COBIT 2019
DSS01DSS05
SOC 2 TSC
A1.2
CSA CCM v4
HRS-04
CSA AICM v1
HRS-04
PRA Operational Resilience
SS1/21-5.3
BSI IT-Grundschutz
CON.7INF.1INF.2OPS.1.2.4
ANSSI
Hygiene.37SecNumCloud.12.1
FINMA Circular 2023/1
IV.E(89)IV.E(90)
OSFI B-13
B-13.2.6B-13.3.2
EU GDPR
Art.32(1)(b)
BIO2
6.7
RBI CSF
ITGRCA.20
FISC Security Guidelines
FISC.F5
HKMA TM-E-1
TME1.5.1TME1.6.4TME1.8.5
DNB Good Practice
DNB.11.3
SAMA CSF
3.7
NCA ECC
1-112-6
UAE IA
T6
CBB TM
TM-10
Qatar NIA
PS
CBE CSF
CTO-10
SA JS2
JS2-PE
CBN CSF
Part10
BoG CISD
CISD-XIV
BoM CTRM
3.5
IOSCO Cyber Resilience
PROT-5
CPMI-IOSCO PFMI
CG.RRPFMI.P17
FFIEC IS
II.C.8
ECB CROE
CROE.2.3.6CROE.2.5.2
EBA ICT Guidelines
3.4.3
SEBI CSCRF
PR.PE
BOT Cyber Resilience
Ch2.8
CMMC 2.0
PE
Solvency II
EIOPA-ICT-4.5
Lloyd's Minimum Standards
PHYS.1
HITRUST CSF v11
01.d05.c
ISO 27799
6.3
ISO 17799 (legacy)
11.7.2
COBIT 4.1 (legacy)
None.