Ongoing governance for vendor-mandated cyber-security requirements.
- Discovery: recommending controls that meet the supplied standards
- Policy: documentation to cover mandated policy areas
- Implementation: technical and process controls
- Reporting: supplying evidence that security standards are being met