How many external LEs must be audited at accounts with external LEs supported through a Memorandum of Agreement?

For accounts that have external Logical Entities (LEs) supported through a Memorandum of Agreement, it is necessary to conduct audits on a specific number of these entities to ensure compliance and security protocols are being followed. In this context, auditing three external LEs is essential as it provides a comprehensive assessment of the operational integrity and security measures in place within the agreement's framework. This requirement enables adequate oversight and ensures that security risks associated with external LEs are effectively managed.

The selection of three as the minimum number for auditing is in line with best practices for risk management in communication security (COMSEC) and reflects an understanding of the diverse operational impacts that external entities can have on the security posture of an organization.