A commodity service is
|“||an information system service (e.g., telecommunications service) provided by a commercial service provider typically to a large and diverse set of consumers. The organization acquiring and/or receiving the commodity service possesses limited visibility into the management structure and operations of the provider, and while the organization may be able to negotiate service-level agreements, the organization is typically not in a position to require that the provider implement specific security controls.||”|
Commodity services are
|“||systems or services used to carry out routine tasks (e.g., e-mail, data centers, and web infrastructure).||”|
- ↑ NIST Special Publication 800-53, Rev. 4, App. B, Glossary.
- ↑ Information Technology Reform: Progress Made; More Needs to Be Done to Complete Actions and Measure Results, at 5 n.e.