Navigate

CCI-002064

CCI-002064 Definition

The organization selects one or more security assessment techniques to be conducted.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed selects and documents one or more security assessment techniques to be conducted. Techniques include in-depth monitoring; vulnerability scanning; malicious user testing; insider threat assessment and performance/load testing, as well as any other techniques identified in CA-2 (2), CCI 1582. DoD has determined the other forms of security assessments are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the selected list of assessment techniques that are to be conducted to ensure the selections have been documented.

Compelling Evidence

1.) Documented list of assessment techniques to be conducted

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002064.

Control	Description
CA-2 (2)	The organization includes as part of security control assessments, [Assignment: organization-defined frequency], [Selection: announced; unannounced], [Selection (one or more): in-depth monitoring; vulnerability scanning; malicious user testing; insider threat assessment; performance/load testing; [Assignment: organization-defined other forms of security assessment]].