CCI-001037
CCI-001037 Definition
The organization develops and documents a risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
NIST SP 800-30 meets the DoD requirements for risk assessment policy and procedures. DoD Components are automatically compliant with this CCI because they are covered by DoDI 8510.01, which adopts NIST SP 800-30 as the DoD risk assessment policy.
Validation Procedures
NIST SP 800-30 meets the DoD requirements for risk assessment policy and procedures. DoD Components are automatically compliant with this CCI because they are covered by DoDI 8510.01, which adopts NIST SP 800-30 as the DoD risk assessment policy.
Compelling Evidence
Automatically compliant per DoDI 8510.01, which adopts NIST SP 800-30 as the DoD risk assessment policy.