ControlTitle,ControlName,ControlSet,ControlDomain,ControlSources,ControlDescription,TestingInformation,ControlStatus,ControlImportantText,EvidenceExtractionDetail,RemediationText,EvidenceCollectionType,Events,TemplateName,TemplateTitle,TemplateDescription,TemplateNecessity,TemplateOverview,TemplateStatus,TemplateLogo,ComplianceStandard,VendorName,VendorContactDetails
Data Security 2.1.1 -  Customer Data Ingested (Requires manual attestation),Everest Manual - DS 2.1.1,Data Security,Data security and privacy,Manual,Create a list of data needed from customers for product functionality.,,ACTIVE,,Describe all data consumed from customers. Specify if sensitive or confidential data is consumed.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.2.1 - Data Storage Location (Requires manual attestation),Everest Manual - DS 2.2.1,Data Security,Data security and privacy,Manual,Where is customer data stored? List the countries and Regions where data is stored.,,ACTIVE,,Specify the list of countries and Regions where data is stored.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.3.1 - Access Control - Employee Access (Requires manual attestation),Everest Manual - DS 2.3.1,Data Security,Data security and privacy,Manual,Do employees have access to unencrypted customer data?,,ACTIVE,,"Specify if employees have access to unencrypted customer data. If yes, explain briefly why they need access. If no, explain briefly how you control access.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.3.2 - Access Control - Mobile Application (Requires manual attestation),Everest Manual - DS 2.3.2,Data Security,Data security and privacy,Manual,Can customers access their data through mobile application?,,ACTIVE,,"Specify if customers can access their data using a mobile application. If yes, provide more details. How do customers sign in? Are credentials cached by the application? How often are tokens refreshed?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.3.3 - Access Control - Countries Data is Transmitted to (Requires manual attestation),Everest Manual - DS 2.3.3,Data Security,Data security and privacy,Manual,Is customer data transmitted to countries outside the origin?,,ACTIVE,,"Is customer data transmitted to countries outside the origin? If yes, specify the list of countries where customer data is transmitted or received.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.3.4 - Access Control - Is Data Shared with Third Party Vendors (Requires manual attestation),Everest Manual - DS 2.3.4,Data Security,Data security and privacy,Manual,Is customer data shared with third-party vendors (other than cloud service providers)?,,ACTIVE,,"Is customer data shared with third-party vendors? If yes, specify the list of third-party vendors and their countries or Region where you provide customer data.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.3.5 - Access Control - Security Policy related to Third Party Vendors,Everest Manual - DS 2.3.5,Data Security,Data security and privacy,Manual,"Do you have policies/procedures in place to ensure that third-party vendors maintain the confidentiality, availability, and integrity of customer data?",,ACTIVE,,"Specify if you have policies/procedures in place to ensure that third-party vendors maintain the confidentiality, availability and integrity of customer data. If yes, upload a manual or document of it.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.4.1 - Data Encryption - Data Encryption at Rest,Everest Manual - DS 2.4.1,Data Security,Data security and privacy,Manual,Is all data encrypted at rest?,,ACTIVE,,Specify if all data is encrypted at rest.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.4.2 - Data Encryption - Data Encryption in Transit,Everest Manual - DS 2.4.2,Data Security,Data security and privacy,Manual,Is all data encrypted in-transit?,,ACTIVE,,Specify if all data is encrypted in-transit.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.4.3 - Data Encryption - Strong Algorithms (Requires manual attestation),Everest Manual - DS 2.4.3,Data Security,Data security and privacy,Manual,Do you use strong encryption algorithms?,,ACTIVE,,"Do you use strong encryption algorithms? If yes, specify what encryption algorithms (such as, RSA, AES 256) are used.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.4.4 - Data Encryption - Unique Encryption Key (Requires manual attestation),Everest Manual - DS 2.4.4,Data Security,Data security and privacy,Manual,Are clients provided with the ability to generate a unique encryption key?,,ACTIVE,,"Can clients provide or generate their own unique encryption keys? If yes, please provide more details and upload evidence.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.4.5 - Data Encryption - Encryption Keys Access (Requires manual attestation),Everest Manual - DS 2.4.5,Data Security,Data security and privacy,Manual,Are staff prevented from accessing client's encryption keys?,,ACTIVE,,"Specify if your employees are prevented from accessing client's encryption keys. If no, explain why they have access to customer keys. If yes, explain how access is controlled.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.5.1 - Data Storage and Classification - Data Backup,Everest Manual - DS 2.5.1,Data Security,Data security and privacy,Manual,Do you back up customer data?,,ACTIVE,,"Specify if you back up customer data. If yes, describe your back up policy (including details about how often backup occurs, where the backup is stored, backup encryption and redundancy.)",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.5.2 - Data Storage and Classification - Data Access Control Policy,Everest Manual - DS 2.5.2,Data Security,Data security and privacy,Manual,Do you implement appropriate access controls for stored customer data? Provide your access control policies.,,ACTIVE,,Specify if appropriate access controls (such as RBAC) is implemented for stored customer data. Please provide more details and manual evidence on how you control access to the data.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.5.3 - Data Storage and Classification - Transaction Data (Requires manual attestation),Everest Manual - DS 2.5.3,Data Security,Data security and privacy,Manual,Is the customer's transaction details (such as payment card information and information about the groups conducting transactions) stored in a perimeter zone?,,ACTIVE,,"Specify if the customer's transaction details (such as payment card information and information about the groups conducting transactions) will be stored in a perimeter zone. If yes, please explain why it gets stored.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.5.4 - Data Storage and Classification - Information Classification,Everest Manual - DS 2.5.4,Data Security,Data security and privacy,Manual,"Is customer data classified according to legal or regulatory requirements, business value, and sensitivity to unauthorized disclosure or modification?",,ACTIVE,,"Specify if customer data is classified by sensitivity. If yes, upload manual evidence of this classification.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.5.5 - Data Storage and Classification - Data Segmentation (Requires manual attestation),Everest Manual - DS 2.5.5,Data Security,Data security and privacy,Manual,Is data segmentation and separation capability between clients provided?,,ACTIVE,,"Specify if the different client's data is segmented. If no, explain mechanisms you have to protect cross contamination.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.6.1 - Data Retention (Requires manual attestation),Everest Manual - DS 2.6.1,Data Security,Data security and privacy,Manual,How long do you retain data?,,ACTIVE,,"Specify the duration of data retention. If the retention period differs by data classification and sensitivity, can you provide details on each retention period?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.6.2 - Data Retention after Client's Unsubscribe (Requires manual attestation),Everest Manual - DS 2.6.2,Data Security,Data security and privacy,Manual,How long do you retain data after buyers unsubscribe?,,ACTIVE,,Specify the duration of data retention after customers unsubscribe.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Audit and Compliance 1.1.1 - Certifications Completed (Requires manual attestation),Everest Manual - Cert 1.1.1,Audit and Compliance,Governance and oversight,Manual,List certifications you have.,,ACTIVE,,Specify which certifications you have.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Audit and Compliance 1.2.1 - Certification in Progress (Requires manual attestation),Everest Manual - Cert 1.2.1,Audit and Compliance,Governance and oversight,Manual,List additional certificates that are currently in progress.,,ACTIVE,,List any additional certificates that are currently being audited/reviewed with an estimated completion date.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Audit and Compliance 1.3.1 - Procedures ensuring Compliance - Procedures ensuring Compliance,Everest Manual - Cert 1.3.1,Audit and Compliance,Governance and oversight,Manual,"Do you have a policy/procedure to ensure compliance with applicable legislative, regulatory, and contractual requirements?",,ACTIVE,,"Specify if you have a policy/procedure to ensure compliance with applicable legislative, regulatory and contractual requirements. If yes, list details about the procedure and upload manual evidence.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Audit and Compliance 1.3.2 - Procedures ensuring Compliance - Audits to Track Outstanding Requirements,Everest Manual - Cert 1.3.2,Audit and Compliance,Governance and oversight,Manual,Are audits completed to track outstanding regulatory and compliance requirements?,,ACTIVE,,"Specify if audits are done to track outstanding requirements. If yes, provide details.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Audit and Compliance 1.3.3 - Procedures ensuring Compliance - Deviations and Exceptions (Requires manual attestation),Everest Manual - Cert 1.3.3,Audit and Compliance,Governance and oversight,Manual,Do you have a process to handle deviations and exceptions from compliance requirements?,,ACTIVE,,"Specify if there is a process to handle exceptions or deviations from compliance requirements. If yes, provide details.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Security and Configuration Policy 10.1.1 - Policies for Information Security - Information Security Policy,Everest Manual - SP 10.1.1,Security and Configuration Policy,Governance and oversight,Manual,Do you have an information security policy that is owned and maintained by a security team?,,ACTIVE,,"Specify if you have a information security policy. If yes, share or upload a manual evidence.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Security and Configuration Policy 10.1.2 - Policies for Information Security - Policy Review,Everest Manual - SP 10.1.2,Security and Configuration Policy,Governance and oversight,Manual,Are all security policies reviewed annually?,,ACTIVE,,"Specify if security policies are reviewed annually. If no, how often are the policies reviewed?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Security and Configuration Policy 10.2.1 - Policies for Security Configurations - Security Configurations (Requires manual attestation),Everest Manual - SP 10.2.1,Security and Configuration Policy,Governance and oversight,Manual,Are security configuration standards maintained and documented?,,ACTIVE,,"Specify if all security configuration standards are maintained and documented. If yes, share or upload a manual evidence.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Security and Configuration Policy 10.2.2 - Policies for Security Configurations - Security Configurations Review (Requires manual attestation),Everest Manual - SP 10.2.2,Security and Configuration Policy,Governance and oversight,Manual,Are security configurations reviewed at least annually?,,ACTIVE,,"Specify if security configurations are reviewed at least annually. If no, specify the frequency of review.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Security and Configuration Policy 10.2.3 - Policies for Security Configurations - Changes to Configurations,Everest Manual - SP 10.2.3,Security and Configuration Policy,Governance and oversight,Manual,Are changes to configurations logged?,,ACTIVE,,"Specify if configuration changes are logged. If yes, how long are the logs retained?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.1.1 - Secure Authentication - Personal Data in UserId (Requires manual attestation),Everest Manual - AC 3.1.1,Access Management,Identity and access management,Manual,Do you require personal data (other than name or email address) in the user ID?,,ACTIVE,,"Specify if personal data, other than name or email address, is required as a part of the user identifier. If yes, what data will be used? What use case is it used for?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.1.2 - Secure Authentication - Application Supports Two Factor Authentication (Requires manual attestation),Everest Manual - AC 3.1.2,Access Management,Identity and access management,Manual,Does the application support two-factor authentication?,,ACTIVE,,"Specify if two-factor authentication (2FA) can be used with the application. If yes, what tools can be used for 2FA?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.1.3 - Secure Authentication - Account Lockout (Requires manual attestation),Everest Manual - AC 3.1.3,Access Management,Identity and access management,Manual,Is the customer's account locked if there are multiple failed logins?,,ACTIVE,,"Specify if account lockout is enabled if there are multiple failed logins. If yes, specify the number of tries after which account will be locked out.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.2.1 - Credential Management - Password Policy,Everest Manual - AC 3.2.1,Access Management,Identity and access management,Manual,Does the application have a strong password policy?,,ACTIVE,,"Specify if a strong password policy (such as RequireUppercaseCharacters, RequireSymbols, PasswordReusePrevention, etc) is present.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.2.2 - Credential Management - Password Encryption,Everest Manual - AC 3.2.2,Access Management,Identity and access management,Manual,Does the password policy require credentials (password and userid) to be encrypted in-transit and to be hashed with salt when stored?,,ACTIVE,,"Specify if credentials (password and userid) are encrypted in-transit and when stored, is the password hashed with salt. If yes, can you provide more details?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.2.3 - Credential Management - Secret Management,Everest Manual - AC 3.2.3,Access Management,Identity and access management,Manual,Do you use a secret management service?,,ACTIVE,,"Specify if there is a secret management in place. If yes, can you provide more details?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.2.4 - Credential Management - Credentials in Code (Requires manual attestation),Everest Manual - AC 3.2.4,Access Management,Identity and access management,Manual,Are credentials included in the code?,,ACTIVE,,"Specify if credentials are included in the code. If yes, can you provide more details?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.3.1 - Access to Production Environment - Single Sign-on (Requires manual attestation),Everest Manual - AC 3.3.1,Access Management,Identity and access management,Manual,Is SSO enabled to access the production environment?,,ACTIVE,,"Specify if SSO can be used with the application. If yes, what tool is used for SSO?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.3.2 - Access to Production Environment - Two Factor Authentication,Everest Manual - AC 3.3.2,Access Management,Identity and access management,Manual,Is two-factor authentication required to access the production or hosted environment?,,ACTIVE,,"Specify if two-factor authentication (2FA) is required for access to production environment. If yes, what tool is used for 2FA?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.3.3 - Access to Production Environment - Root User (Requires manual attestation),Everest Manual - AC 3.3.3,Access Management,Identity and access management,Manual,Is root user used only by exception to access the production environment?,,ACTIVE,,"Specify that the root user is only used by exception. If yes, can you establish the cases it will be used for?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.3.4 - Access to Production Environment - Root User MFA,Everest Manual - AC 3.3.4,Access Management,Identity and access management,Manual,Does root user require multi-factor authentication (MFA)?,,ACTIVE,,"Specify if logging in as root user requires multi-factor authentication. If yes, what tool is used for MFA?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.3.5 - Access to Production Environment - Remote Access,Everest Manual - AC 3.3.5,Access Management,Identity and access management,Manual,"Is remote access to the production environment secured using mechanisms such as encrypted channels, key based authentication?",,ACTIVE,,"If the application permits remote access, specify if the access is secure (for example, will key-based authentication be used and will communication be done over encrypted channels?)",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.4.1 - Access Control Policy - Least Privilege Access,Everest Manual - AC 3.4.1,Access Management,Identity and access management,Manual,Do you follow least privilege access policy for users to access production environment?,,ACTIVE,,"Specify if least privileges are assigned to users. If no, how do you control access?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.4.2 - Access Control Policy - Access Policy Review,Everest Manual - AC 3.4.2,Access Management,Identity and access management,Manual,Are all access policies in the production environment reviewed regularly?,,ACTIVE,,"Specify if all access policies are reviewed regularly. If yes, provide details on how often the policies are reviewed.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.4.3 - Access Control Policy - Users and Security Policy Configuration (Requires manual attestation),Everest Manual - AC 3.4.3,Access Management,Identity and access management,Manual,Does the application allow customers to configure users and their privileges?,,ACTIVE,,Specify if customers can configure users (from the customer's and the vendor's end) that will have access to their environment.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.4.4 - Access Control Policy - Logical Segmentation (Requires manual attestation),Everest Manual - AC 3.4.4,Access Management,Identity and access management,Manual,Is there logical segmentation of application users?,,ACTIVE,,Specify if there is logical segmentation of users.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.4.5 - Access Control Policy - Access Review upon Termination,Everest Manual - AC 3.4.5,Access Management,Identity and access management,Manual,Are all relevant access policies updated upon employee termination or change of role?,,ACTIVE,,"Specify if access policies are deleted, updated upon employee termination, or change of role.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.5.1 - Access Logs,Everest Manual - AC 3.5.1,Access Management,Identity and access management,Manual,Do you log activities performed by individual users in the production environment?,,ACTIVE,,"Specify if a user's (employee or customer) actions/activities in a production environment are logged. If yes, how long are the logs retained?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.1.1 - Secure Software Development Lifecycle - Separate Environment,Everest Manual - Appsec 4.1.1,Application Security,Development and configuration management,Manual,"Is the development, test, and staging environment separate from the production environment?",,ACTIVE,,"Specify if the development, test, and staging environment is separate from the production environment.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.1.2 - Secure Software Development Lifecycle - Secure Coding Practice,Everest Manual - Appsec 4.1.2,Application Security,Development and configuration management,Manual,Do security engineers work with developers on security practices?,,ACTIVE,,Specify if developers and security engineer work together on secure coding practices.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.1.3 - Secure Software Development Lifecycle - Use of Customer Data in Test Environment (Requires manual attestation),Everest Manual - Appsec 4.1.3,Application Security,Development and configuration management,Manual,"Is customer data ever used in the test, development, or QA environments?",,ACTIVE,,"Is customer data ever used in the test, development, or QA environments? If yes, what data is used and what is it used for?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.1.4 - Secure Software Development Lifecycle - Secure Connection,Everest Manual - Appsec 4.1.4,Application Security,Development and configuration management,Manual,Is SSL/TLS enabled for all web pages/communications that uses customer data?,,ACTIVE,,Specify if a secure connection (such as SSL/TLS) is used for all communication with customer data.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.1.5 - Secure Software Development Lifecycle - Image Backup,Everest Manual - Appsec 4.1.5,Application Security,Development and configuration management,Manual,Are application image snapshots backed up?,,ACTIVE,,"Specify if image snapshots (such as systems supporting the application, systems hosting customer data) are backed up. If yes, is there a process to ensure that image snapshots containing scoped data are authorized prior to being snapped? Is access control implemented for the image snapshots?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.2.1 - Application Security Review - Secure Code Review,Everest Manual - Appsec 4.2.1,Application Security,Development and configuration management,Manual,Is secure code review done prior to each release?,,ACTIVE,,Specify if a security code review is done prior to each release.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.2.2 - Application Security Review - Penetration Test,Everest Manual - Appsec 4.2.2,Application Security,Development and configuration management,Manual,Are penetration tests performed? Can we get reports of penetration testing?,,ACTIVE,,"Specify if penetration tests are performed on the application. If yes, can you share the last 3 reports as manual evidence?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.2.3 - Application Security Review - Security Patches,Everest Manual - Appsec 4.2.3,Application Security,Development and configuration management,Manual,Are all available high-risk security patches applied and verified regularly?,,ACTIVE,,"Specify if high-risk security patches are applied regularly. If yes, how often are they applied?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.2.4 - Application Security Review - Vulnerability Scans on Applications,Everest Manual - Appsec 4.2.4,Application Security,Development and configuration management,Manual,Are vulnerability scans performed against all internet-facing applications regularly and after significant changes?,,ACTIVE,,"Specify if vulnerability scans are performed on all internet-facing applications. If yes, how often is it done? Can we get a copy of the report?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.2.5 - Application Security Review - Threats and Vulnerabilities Management,Everest Manual - Appsec 4.2.5,Application Security,Development and configuration management,Manual,Are there processes to manage threat and vulnerability assessment tools and the data they collect?,,ACTIVE,,Specify if there are processes to manage threat and vulnerability assessment tools and their findings. Could you provide more details on how threats and vulnerabilities are managed?,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.2.6 - Application Security Review - Anti Malware Scans,Everest Manual - Appsec 4.2.6,Application Security,Development and configuration management,Manual,Is anti-malware scanning done against the network and systems hosting the application regularly?,,ACTIVE,,"Specify if anti-malware scanning is done against the network and systems hosting the application. If yes, how often is it done? Can you provide the report?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.3.1 - Application Logs - Application Logs,Everest Manual - Appsec 4.3.1,Application Security,Development and configuration management,Manual,Are application logs collected and reviewed?,,ACTIVE,,"Specify if application logs are collected and reviewed. If yes, how long are the logs retained?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.3.2 - Application Logs - Access to Logs,Everest Manual - Appsec 4.3.2,Application Security,Development and configuration management,Manual,"Are operating system and application logs protected against modification, deletion, and/or inappropriate access?",,ACTIVE,,"Specify if operating system and application logs are protected against modification, deleted and/or inappropriate access. In the event of a breach/incident, do you have processes in place to detect loss of application logs?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.3.3 - Application Logs - Data Stored in Logs (Requires manual attestation),Everest Manual - Appsec 4.3.3,Application Security,Development and configuration management,Manual,Do you store customer's personally identifiable information (PII) in logs?,,ACTIVE,,Specify if you store customer's personally identifiable information (PII) in logs.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.4.1 - Change Control Policy - Functional and Resiliency Testing,Everest Manual - Appsec 4.4.1,Application Security,Development and configuration management,Manual,Is functional and resiliency testing done before releasing a change?,,ACTIVE,,Specify if functional and resiliency testing is done on the application before a new release.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.4.2 - Change Control Policy - Change Control Procedures,Everest Manual - Appsec 4.4.2,Application Security,Development and configuration management,Manual,Are change control procedures required for all changes to the production environment?,,ACTIVE,,Specify if change control procedures are in place for all changes made in the production environment.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.4.3 - Change Control Policy - Avoid Human Error/Risks in Production,Everest Manual - Appsec 4.4.3,Application Security,Development and configuration management,Manual,Do you have a process in place to verify that human error and risks don't get pushed into production?,,ACTIVE,,Specify that there's a process to verify that human error and risks don't get pushed into production.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.4.4 - Change Control Policy - Document and Log Changes,Everest Manual - Appsec 4.4.4,Application Security,Development and configuration management,Manual,Do you document and log changes that may impact services?,,ACTIVE,,"Specify if service impacting changes are documented and logged. If yes, how long are the logs retained?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.4.5 - Change Control Policy - Change Notification for Buyers (Requires manual attestation),Everest Manual - Appsec 4.4.5,Application Security,Development and configuration management,Manual,Is there a formal process to ensure customers are notified prior to changes being made which may impact their service?,,ACTIVE,,"Specify if customers will be notified prior to making changes that may impact their service. If yes, what is the SLA to notify customers about impacting changes?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.1.1 - Risk Assessment - Address and Identify Risks,Everest Manual - IR 5.1.1,Risk Management/Incident Response,Risk management,Manual,Is there a formal process focused on identifying and addressing risks of disruptive incidents to the organization?,,ACTIVE,,Specify if there is a process to identify and address risks that cause disruptive incidents for the organization.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.1.2 - Risk Assessment - Risk Management Process,Everest Manual - IR 5.1.2,Risk Management/Incident Response,Risk management,Manual,Is there a program or process to manage the treatment of risks identified during assessments?,,ACTIVE,,"Specify if there is a program or process to manage risks and their mitigations. If yes, can you provide more details about the risk management process?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.1.3 - Risk Assessment - Risk Assessments,Everest Manual - IR 5.1.3,Risk Management/Incident Response,Risk management,Manual,Are risk assessments done frequently?,,ACTIVE,,"Are risk assessments done frequently? If yes, specify the frequency of risk assessments.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.1.4 - Risk Assessment - Third Party Vendors Risk Assessment,Everest Manual - IR 5.1.4,Risk Management/Incident Response,Risk management,Manual,Are risk assessments performed for all third-party vendors?,,ACTIVE,,"Specify if risk assessments are performed for all third-party vendors. If yes, how often?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.1.5 - Risk Assessment - Risk Reassessment when Contract Changes,Everest Manual - IR 5.1.5,Risk Management/Incident Response,Risk management,Manual,Are risk assessments performed when service delivery or contract changes occur?,,ACTIVE,,Specify if risk assessments will be performed everytime a service delivery or contract changes.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.1.6 - Risk Assessment - Accept Risks (Requires manual attestation),Everest Manual - IR 5.1.6,Risk Management/Incident Response,Risk management,Manual,Is there a process for management to knowingly and objectively accept risks and approving action plans?,,ACTIVE,,"Specify if there is a process for management to understand and accept risks, and to approve action plans and timelines to fix it. Does the process include providing details of the metrics behind each risk to the management?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.1.7 - Risk Assessment - Risk Metrics (Requires manual attestation),Everest Manual - IR 5.1.7,Risk Management/Incident Response,Risk management,Manual,"Do you have measures in place to define, monitor, and report risk metrics?",,ACTIVE,,"Specify if there is a process to define, monitor, and report risk metrics.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.2.1 - Incident Management - Incident Response Plan,Everest Manual - IR 5.2.1,Risk Management/Incident Response,Risk management,Manual,Is there a formal Incident Response Plan?,,ACTIVE,,Specify if there is a formal Incident Response Plan.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.2.2 - Incident Management - Contact to Report Security Incidents (Requires manual attestation),Everest Manual - IR 5.2.2,Risk Management/Incident Response,Risk management,Manual,Is there a process for customers to report a security incident?,,ACTIVE,,"Specify if there is a process for customers to report a security incident. If yes, how can a customer report security incident?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.2.3 - Incident Management - Report Incidents/Key Activities,Everest Manual - IR 5.2.3,Risk Management/Incident Response,Risk management,Manual,Do you report key activities?,,ACTIVE,,Do you report key activities? What is the SLA for reporting key activities?,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.2.4 - Incident Management - Incident Recovery,Everest Manual - IR 5.2.4,Risk Management/Incident Response,Risk management,Manual,Do you have disaster recovery plans?,,ACTIVE,,"Specify if you have plans for recovery after an incident occurs. If yes, can you share details about the recovery plans?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.2.5 - Incident Management - Logs Available to Buyers in case of an Attack (Requires manual attestation),Everest Manual - IR 5.2.5,Risk Management/Incident Response,Risk management,Manual,"In case of an attack, will relevant resources (such as logs, incident report, or data) be available to customers?",,ACTIVE,,"Will relevant resources (such as logs, incident report, or data) related to their use be available to customers in case an attack or incident occurs?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.2.6 - Incident Management - Security Bulletin (Requires manual attestation),Everest Manual - IR 5.2.6,Risk Management/Incident Response,Risk management,Manual,Do you have a security bulletin that outlines latest attacks and vulnerabilities affecting your applications?,,ACTIVE,,"Specify if you have a security bulletin that outlines latest attacks and vulnerabilities affecting your applications. If yes, can you provide the details?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.3.1 - Incident Detection - Comprehensive Logging,Everest Manual - IR 5.3.1,Risk Management/Incident Response,Risk management,Manual,Is there comprehensive logging to support the identification and mitigation of incidents?,,ACTIVE,,Specify if there is comprehensive logging enabled. Identify the types of events that the system is capable of logging. How long are logs retained?,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.3.2 - Incident Detection - Log Monitoring,Everest Manual - IR 5.3.2,Risk Management/Incident Response,Risk management,Manual,Do you monitor and alert on unusual/suspicious activities using detection mechanisms such as log monitoring?,,ACTIVE,,"Specify if regular security monitoring and alerting is performed. If yes, does it include log monitoring for unusual or suspicious behavior?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.3.3 - Incident Detection - Third Party Data Breach,Everest Manual - IR 5.3.3,Risk Management/Incident Response,Risk management,Manual,"Is there a process to identify/ detect and log subcontractor security, privacy, or data breach issues?",,ACTIVE,,"Specify if there is a process in place to identify and detect third-party vendors or subcontractors for data breach, security issues, privacy, or data breach issues.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Risk Management/Incident Response 5.4.1 - SLA for Incident Notification (Requires manual attestation),Everest Manual - IR 5.4.1,Risk Management/Incident Response,Risk management,Manual,What is the SLA for sending notification about incidents/breaches?,,ACTIVE,,What is the SLA for sending notification about incidents/breaches?,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.1.1 - Business Resiliency - Failover Tests (Requires manual attestation),Everest Manual - BC 6.1.1,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Are site failover tests performed at least annually?,,ACTIVE,,"Specify if failover tests are performed annually. If no, how often are they performed?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.1.2 - Business Resiliency - Business Impact Analysis (Requires manual attestation),Everest Manual - BC 6.1.2,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Has a business impact analysis been conducted?,,ACTIVE,,"Specify if a business impact analysis was done. If yes, when was it last completed? Provide details on the analysis conducted.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.1.3 - Business Resiliency - Dependencies on Third Party Vendors (Requires manual attestation),Everest Manual - BC 6.1.3,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Are there any dependencies on critical third-party service providers (besides a cloud service provider)?,,ACTIVE,,"Specify if there is any dependency on third-party vendors (besides a cloud service provider). If yes, can you provide details on the vendors?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.1.4 - Business Resiliency - Third Party Continuity and Recovery Tests (Requires manual attestation),Everest Manual - BC 6.1.4,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Do you require third-party vendors to have their own disaster recovery processes and exercises?,,ACTIVE,,Specify if third-party vendors must have their own disaster recovery processes and exercises.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.1.5 - Business Resiliency - Third Party Vendors Breach of Contract (Requires manual attestation),Everest Manual - BC 6.1.5,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Do contracts with critical service providers include a penalty or remediation clause for breach of availability and continuity SLAs?,,ACTIVE,,Are penalty or remediation clauses for breach of availability and continuity included in contracts with third party vendors?,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.1.6 - Business Resiliency - Health of the System,Everest Manual - BC 6.1.6,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Do you have monitors/alerts to understand the health of the system?,,ACTIVE,,Specify if monitors or alerts are in place to understand the health of the system.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.2.1 - Business Continuity - Business Continuity Policies/Procedures,Everest Manual - BC 6.2.1,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Are formal business continuity procedures developed and documented?,,ACTIVE,,"Specify if formal business procedures are developed and maintained for business continuity. If yes, provide more details on the procedures.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.2.2 - Business Continuity - Response and Recovery Strategies,Everest Manual - BC 6.2.2,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Are specific response and recovery strategies defined for the prioritized activities?,,ACTIVE,,Specify if recovery and response strategies are developed for customer facing activities and services.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.2.3 - Business Continuity - Business Continuity Tests,Everest Manual - BC 6.2.3,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Do you perform recovery tests to ensure business continuity?,,ACTIVE,,Specify if you perform recovery tests to ensure business continuity in case of a failure.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.2.4 - Business Continuity - Availability Impact in Multi-Tenancy Environments (Requires manual attestation),Everest Manual - BC 6.2.4,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Do you limit a buyer's ability to impose load that may impact availability for other users of your system?,,ACTIVE,,"Specify if one buyer's load can impact availability for another buyer. If yes, what is the threshold until which there will be no impact? If no, can you provide more details on how you ensure services are not impacted during peak usage and above?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.3.1 - Application Availability - Availability Record (Requires manual attestation),Everest Manual - BC 6.3.1,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Were there any significant issues related to reliability or availability in the last year?,,ACTIVE,,Specify if there were any significant issues related to reliability or availability in the last year.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.3.2 - Application Availability - Scheduled Maintenance Window (Requires manual attestation),Everest Manual - BC 6.3.2,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Is downtime expected during scheduled maintenance?,,ACTIVE,,"Specify if there is a scheduled maintenance window during which services might be down. If yes, how long is the downtime?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.3.3 - Application Availability - Online Incident Portal (Requires manual attestation),Everest Manual - BC 6.3.3,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,"Is there an online incident response status portal, which outlines planned and unplanned outages?",,ACTIVE,,"Specify if there is an incident status portal that outlines planned and unplanned outages. If yes, provide details on how a customer can access it? How long after the outage will the portal be updated?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.3.4 - Application Availability - Recovery Time Objective (Requires manual attestation),Everest Manual - BC 6.3.4,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Is there a specific recovery time objective (RTO)?,,ACTIVE,,"Specify if there is a recovery time objective (RTO). If yes, can you provide the RTO?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Business Resiliency and Continuity 6.3.5 - Application Availability - Recovery Point Objective (Requires manual attestation),Everest Manual - BC 6.3.5,Business Resiliency and Continuity,Business continuity and contingency planning,Manual,Is there a specific recovery point objective (RPO)?,,ACTIVE,,"Specify if there is a recovery point objective (RPO). If yes, can you provide the RPO?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.1.1 - Asset/Software Inventory - Asset Inventory,Everest Manual - ES 7.1.1,End User Device Security,User device management,Manual,Is the asset inventory list updated periodically?,,ACTIVE,,"Specify if an asset inventory is maintained. If yes, how often is it updated?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.1.2 - Asset/Software Inventory - Software and Applications Inventory,Everest Manual - ES 7.1.2,End User Device Security,User device management,Manual,Are all installed software platforms and applications on scoped systems inventoried?,,ACTIVE,,"Specify if inventory of all installed softwares and applications is maintained. If yes, how often is it updated?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.2.1 - Asset Security - Security Patches,Everest Manual - ES 7.2.1,End User Device Security,User device management,Manual,Are all available high-risk security patches applied and verified at least monthly on all end user devices?,,ACTIVE,,"Specify if all high risk security patches are applied at least monthly. If no, how often is it applied? Can you provide more details on how you manage patching?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.2.2 - Asset Security - Endpoint Security,Everest Manual - ES 7.2.2,End User Device Security,User device management,Manual,Do you have endpoint security?,,ACTIVE,,"Specify if endpoint security is installed on all devices. If yes, can you provide more details on the tool and how it is maintained?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.2.3 - Asset Security - Maintenance and Repair of Assets (Requires manual attestation),Everest Manual - ES 7.2.3,End User Device Security,User device management,Manual,"Is maintenance and repair of organizational assets performed and logged, with approved and controlled tools?",,ACTIVE,,"Specify if maintenance and repair of assets is performed and logged with controlled tools. If yes, could you provide more details on how it is managed?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.2.4 - Asset Security - Access Control for Devices,Everest Manual - ES 7.2.4,End User Device Security,User device management,Manual,Do the devices have access control enabled?,,ACTIVE,,Specify if devices have access controls (such as RBAC) enabled.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.3.1 - Device Logs - Sufficient Details in Logs (Requires manual attestation),Everest Manual - ES 7.3.1,End User Device Security,User device management,Manual,Are sufficient details logged in operating system and device logs to support incident investigation?,,ACTIVE,,"Specify if sufficient details (like successful and failed login attempts and changes to sensitive configuration settings and files) are included in the logs to support incident investigation. If no, provide more details on how you handle incident investigations.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.3.2 - Device Logs - Access to Device Logs,Everest Manual - ES 7.3.2,End User Device Security,User device management,Manual,"Are device logs protected against modification, deletion, and/or inappropriate access?",,ACTIVE,,"Specify if device logs are protected against modification, deletion, and/or inappropriate access. If yes, can you provide details on how you enforce it?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.3.3 - Device Logs - Log Retention (Requires manual attestation),Everest Manual - ES 7.3.3,End User Device Security,User device management,Manual,Are logs retained for sufficient time to investigate an attack?,,ACTIVE,,How long will the logs be retained?,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.4.1 - Mobile Device Management - Mobile Device Management Program,Everest Manual - ES 7.4.1,End User Device Security,User device management,Manual,Is there a mobile device management program?,,ACTIVE,,"Specify if there is a mobile device management program. If yes, please specify what tool is used for mobile device management.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.4.2 - Mobile Device Management - Access Production Environment from Private Mobile Devices (Requires manual attestation),Everest Manual - ES 7.4.2,End User Device Security,User device management,Manual,Are staff prevented from accessing production environment via unmanaged private mobile devices?,,ACTIVE,,"Specify if employees are prevented from accessing production environment via unmanaged private mobile devices. If no, how do you enforce this control?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.4.3 - Mobile Device Management - Access Customer Data from Mobile Devices (Requires manual attestation),Everest Manual - ES 7.4.3,End User Device Security,User device management,Manual,Are employees prevented from using unmanaged private mobile devices to view or process customer data?,,ACTIVE,,"Specify if employees are prevented from accessing scoped data via unmanaged mobile devices. If no, what is the use case for allowing access? How do you monitor access?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.1.1 - Physical Security - Physical Access to Facilities,Everest Manual - IS 8.1.1,Infrastructure Security,Governance and oversight,Manual,"Are individuals that require access to assets in-person (such as, buildings, vehicles, or hardware) required to provide ID and any necessary credentials?",,ACTIVE,,"Specify if individuals that require access to assets in-person (such as, buildings, vehicles, hardware) are required to provide ID and any necessary credentials.",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.1.2 - Physical Security - Physical Security and Environmental Controls in Place,Everest Manual - IS 8.1.2,Infrastructure Security,Governance and oversight,Manual,Are physical security and environmental controls in place in the data center and office buildings?,,ACTIVE,,Specify if physical security and environment controls are in place for all the facilities.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.1.3 - Physical Security - Visitor Access (Requires manual attestation),Everest Manual - IS 8.1.3,Infrastructure Security,Governance and oversight,Manual,Do you record visitor access?,,ACTIVE,,"If visitors are permitted in the facility, are visitor access logs maintained? If yes, how long are the logs retained?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.2.1 - Network Security - Disable Unused Ports and Services (Requires manual attestation),Everest Manual - IS 8.2.1,Infrastructure Security,Governance and oversight,Manual,Are all unused ports and services disabled from the production environment and systems?,,ACTIVE,,Specify if all unused ports and services are disabled from the production environment and systems.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.2.2 - Network Security - Use of Firewalls,Everest Manual - IS 8.2.2,Infrastructure Security,Governance and oversight,Manual,Are firewalls used to isolate critical and sensitive systems into network segments separate from network segments with less sensitive systems?,,ACTIVE,,Specify if firewalls are used to isolate critical and sensitive segments from segments with less sensitive systems.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.2.3 - Network Security - Firewall Rules Review,Everest Manual - IS 8.2.3,Infrastructure Security,Governance and oversight,Manual,Are all firewalls rules reviewed and updated regularly?,,ACTIVE,,How often are firewall rules reviewed and updated?,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.2.4 - Network Security - Intrusion Detection/Prevention Systems,Everest Manual - IS 8.2.4,Infrastructure Security,Governance and oversight,Manual,Are intrusion detection and prevention systems deployed in all sensitive network zones and wherever firewalls are enabled?,,ACTIVE,,Specify if intrusion detection and prevention systems are enabled in all sensitive network zones.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.2.5 - Network Security - Security and Hardening Standards,Everest Manual - IS 8.2.5,Infrastructure Security,Governance and oversight,Manual,Do you have security and hardening standards in place for network devices?,,ACTIVE,,"Specify if you have security and hardening standards in place for network devices. If yes, can you provide more details (including details about how often these standards are implemented and updated).",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.3.1 - Cloud Services - Platforms Used to Host Application (Requires manual attestation),Everest Manual - IS 8.3.1,Infrastructure Security,Governance and oversight,Manual,List the cloud platforms you use for hosting your application.,,ACTIVE,,Specify which cloud platforms you use for hosting your application.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Human Resources 9.1.1 - Human Resources Policy - Background Screening for Employees,Everest Manual - HR 9.1.1,Human Resources,Personnel management,Manual,Is background screening done before employment?,,ACTIVE,,Specify if background screening is done for all employees before employment.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Human Resources 9.1.2 - Human Resources Policy - Employee Agreement,Everest Manual - HR 9.1.2,Human Resources,Personnel management,Manual,Is an employment agreement signed before employment?,,ACTIVE,,Specify if an employment agreement is signed before employment.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Human Resources 9.1.3 - Human Resources Policy - Security Training for Employees,Everest Manual - HR 9.1.3,Human Resources,Personnel management,Manual,Do all employees undergo security awareness training regularly?,,ACTIVE,,"Specify if employees undergo security training regularly. If yes, how often do they undergo security training?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Human Resources 9.1.4 - Human Resources Policy - Disciplinary Process for Non Compliance of Policies,Everest Manual - HR 9.1.4,Human Resources,Personnel management,Manual,Is there a disciplinary process for non-compliance of human resource policies?,,ACTIVE,,Specify if there is a disciplinary process for non-compliance of human resource policies.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Human Resources 9.1.5 - Human Resources Policy - Background Checks for Contractors/Subcontractors (Requires manual attestation),Everest Manual - HR 9.1.5,Human Resources,Personnel management,Manual,"Are background checks performed for third-party vendors, contractors, and subcontractors?",,ACTIVE,,"Specify if background checks are done for third-party vendors, contractors, and subcontractors. If yes, is the background check done regularly?",,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/
Human Resources 9.1.6 - Human Resources Policy - Return of Assets upon Termination,Everest Manual - HR 9.1.6,Human Resources,Personnel management,Manual,Is there a process to verify return of constituent assets upon termination?,,ACTIVE,,Specify if there is a process to verify return of constituent assets upon employee termination.,,MANUAL,"{""events"": []}",Third Party Software Risk Assessment Template,Third Party Software Risk Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/