CCI-001067
CCI-001067 Definition
| Status | |
| Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if privileged access authorization is implemented to [RA-05(05)_ODP[01]; system components to which privileged access is authorized for selected vulnerability scanning activities are defined] for [RA-05(05)_ODP[02]; vulnerability scanning activities selected for privileged access authorization to system components are defined].
Validation Procedures
Examine: [SELECT FROM: Risk assessment policy; procedures addressing vulnerability scanning; system design documentation; system configuration settings and associated documentation; list of system components for vulnerability scanning; personnel access authorization list; authorization credentials; access authorization records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with vulnerability scanning responsibilities; system/network administrators; organizational personnel responsible for access control to the system; organizational personnel responsible for configuration management of the system; system developers; organizational personnel with security responsibilities]. Test: [SELECT FROM: Organizational processes for vulnerability scanning; organizational processes for access control; mechanisms supporting and/or implementing access control; mechanisms/tools supporting and/or implementing vulnerability scanning].