CCI-001583
CCI-001583 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed selects and documents whether announced or unannounced assessments are required for each form of security control assessment that was selected as part of CA-2 (2), CCI 2064. DoD has determined the announced or unannounced nature of the assessments is not appropriate to define at the Enterprise level.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented list of security control assessment techniques defined in CA-2 (2), CCI 2064 and verifies that the security assessment plan defines whether the assessment is announced or unannounced.
Compelling Evidence
1.) List of security control assessment techniques defined in CA-2 (2), CCI 2064 2.) Signed and dated security assessment plan which defines whether the assessment is announced or unannounced