Navigate

CCI-001044

CCI-001044 Definition

The organization defines the frequency with which to review and update the current risk assessment procedures.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD Components are automatically compliant with this CCI because they are covered by the DoDi 8510.01 which adopts NIST SP 800-30 as the DoD risk assessment policy.

Validation Procedures

DoD Components are automatically compliant with this CCI because they are covered by the DoDi 8510.01 which adopts NIST SP 800-30 as the DoD risk assessment policy.DoD has defined the frequency as annually - updated as appropriate.

Compelling Evidence

Automatically compliant per DoDI 8510.01 which adopts NIST SP 800-30 as the DoD risk assessment policy.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001044.

Control	Description
RA-1	The organization: RA-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: RA-1a.1.: A risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and RA-1a.2.: Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and RA-1b.: Reviews and updates the current: RA-1b.1.: Risk assessment policy [Assignment: organization-defined frequency]; and RA-1b.2.: Risk assessment procedures [Assignment: organization-defined frequency].

Control

Description

RA-1

The organization:

RA-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- RA-1a.1.: A risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- RA-1a.2.: Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and

RA-1b.: Reviews and updates the current:
- RA-1b.1.: Risk assessment policy [Assignment: organization-defined frequency]; and
- RA-1b.2.: Risk assessment procedures [Assignment: organization-defined frequency].