Navigate

CCI-001296

CCI-001296 Definition

Report the results of security function verification to organization-defined personnel or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to report the result of security function verification to at a minimum, the ISSO and ISSM. The organization must maintain an audit trail of reporting. DoD has defined the personnel or roles as at a minimum, the ISSO and ISSM.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of reporting to ensure the organization being inspected/assessed reports the result of security function verification to at a minimum, the ISSO and ISSM. DoD has defined the personnel or roles as at a minimum, the ISSO and ISSM.

Compelling Evidence

1.) Signed and dated System security plan documents a process to report the result of security function verification to at a minimum, the ISSO and ISSM. 2.) Audit trail of reporting. 3.) Examples of the reports.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001296.

Control	Description
SI-6(3)	The organization reports the results of security function verification to [organization-defined personnel or roles].