CCI-001050
CCI-001050 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if risk assessment results are reviewed [RA-03_ODP[03]; the frequency to review risk assessment results is defined].
Validation Procedures
Examine: [SELECT FROM: Risk assessment policy; risk assessment procedures; security and privacy planning policy and procedures; procedures addressing organizational assessments of risk; risk assessment; risk assessment results; risk assessment reviews; risk assessment updates; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with risk assessment responsibilities; organizational personnel with security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for risk assessment; mechanisms supporting and/or conducting, documenting, reviewing, disseminating, and updating the risk assessment].