CCI-001047
CCI-001047 Definition
Verify the security categorization decision is reviewed and approved by the authorizing official or authorizing official designated representative.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.
Validation Procedures
Examine: [SELECT FROM: Risk assessment policy; security planning policy and procedures; procedures addressing security categorization of organizational information and systems; security categorization documentation; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security categorization and risk assessment responsibilities; organizational personnel with security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for security categorization].