CC6.6 - Measures Against Threats Outside System Boundaries

The CC6.6 criterion requires the entity to establish controls that identify, assess, and mitigate threats originating beyond the system's physical or logical perimeter, such as supply-chain weaknesses, natural disasters, or third-party service failures, ensuring these external risks do not compromise the security, availability, processing integrity, confidentiality, or privacy of the system.