Navigate

CCI-002068

CCI-002068 Definition

The organization defines the external organizations from which assessment results for organization-defined information systems will be accepted.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the external organizations from which assessment results for organization-defined information systems will be accepted. DoD has determined the external organizations are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented external organizations to ensure the organization being inspected/assessed defines the external organizations from which assessment results for organization-defined information systems will be accepted. DoD has determined the external organizations are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated security assessment plan defining external organizations from which the assessment results will be accepted

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002068.

Control	Description
CA-2 (3)	The organization accepts the results of an assessment of [Assignment: organization-defined information system] performed by [Assignment: organization-defined external organization] when the assessment meets [Assignment: organization-defined requirements].