CCI-001296

Implementation Guidance

Determine if: - the results of security function verification are reported to [SI-06(03)_ODP; personnel or roles designated to receive the results of security and privacy function verification is/are defined]. - the results of privacy function verification are reported to [SI-06(03)_ODP; personnel or roles designated to receive the results of security and privacy function verification is/are defined].

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing security and privacy function verification; system design documentation; system configuration settings and associated documentation; reports of security and privacy function verification results; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security and privacy function verification responsibilities; organizational personnel who are recipients of security and privacy function verification reports; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for reporting security and privacy function verification results; mechanisms supporting and/or implementing the reporting of security and privacy function verification results].