An error occurred:

CCI-001049

CCI-001049 Definition

Document risk assessment results in the organization-defined document.
Status
Type CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if risk assessment results are documented in [RA-03_ODP[01]; one of the following PARAMETER VALUES is selected: {security and privacy plans; risk assessment report; [RA-03_ODP[02]; a document in which risk assessment results are to be documented (if not documented in the security and privacy plans or risk assessment report) is defined (if selected)]}].

Validation Procedures

Examine: [SELECT FROM: Risk assessment policy; risk assessment procedures; security and privacy planning policy and procedures; procedures addressing organizational assessments of risk; risk assessment; risk assessment results; risk assessment reviews; risk assessment updates; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with risk assessment responsibilities; organizational personnel with security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for risk assessment; mechanisms supporting and/or conducting, documenting, reviewing, disseminating, and updating the risk assessment].