Navigate

CCI-001047

CCI-001047 Definition

Verify the security categorization decision is reviewed and approved by the authorizing official or authorizing official designated representative.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

Validation Procedures

Examine: [SELECT FROM: Risk assessment policy; security planning policy and procedures; procedures addressing security categorization of organizational information and systems; security categorization documentation; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security categorization and risk assessment responsibilities; organizational personnel with security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for security categorization].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001047.

Control	Description
RA-2	a: Categorize the system and information it processes, stores, and transmits; b: Document the security categorization results, including supporting rationale, in the security plan for the system; and c: Verify that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.