SA-9.1: Risk Assessments and Organizational Approvals

An OSCAL Control

- personnel or roles
  personnel or roles that approve the acquisition or outsourcing of dedicated information security services is/are defined;