CCI-002063

The organization defines the level of independence for assessors or assessment teams to conduct security control assessments of organizational information systems.

Implementation Guidance

The organization being inspected/assessed defines and documents the level of independence for assessors or assessment teams to conduct security control assessments of organizational information systems. DoD has determined the level of independence is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented level of independence to ensure the organization being inspected/assessed defines the level of independence for assessors or assessment teams to conduct security control assessments of organizational information systems. DoD has determined the level of independence is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated Security Assessment and Authorization Policy defining the level of independence for assessors or assessment teams to conduct security control assessments of organizational information systems.

The controls below (if any) were marked by NIST as being related to CCI-002063.