Appendix D
Trust Services Criteria for Security, Availability, and Confidentiality for Use as Control Criteria in the Cybersecurity Risk Management Examination
This appendix is nonauthoritative and is included for informational purposes only.
The trust services criteria for security, availability, and confidentiality and the related points of focus in this appendix have been extracted from TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria), issued in April 2017 by the AICPA’s Assurance Services Executive Committee. The complete text may be found at www.aicpa.org/cybersecurityriskmanagement.
The following table presents the trust services criteria and the related points of focus for security, availability, and confidentiality, which are applicable to a cybersecurity risk management examination. In the table, criteria and related points of focus that come directly from the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) 2013 Internal Control—Integrated Framework (COSO framework)1 are presented using a normal font. In contrast, criteria and points of focus that apply to engagements using the trust services criteria are presented in italics.
TSP Ref. # |
TRUST SERVICES CRITERIA AND POINTS OF FOCUS |
|
CONTROL ENVIRONMENT |
CC1.1 |
COSO Principle 1: The entity demonstrates a commitment to integrity and ethical values. |
|
The following points of ... |
Get Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.