Navigate

CCI-002069

CCI-002069 Definition

The organization defines the requirements the assessments for organization-defined information systems from organization-defined external organizations must meet.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the requirements the assessments for organization-defined information systems from organization-defined external organizations must meet. DoD has determined the requirements are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examine the documented requirements to ensure the organization being inspected/assessed defines the requirements the assessments for organization-defined information systems from organization-defined external organizations must meet. DoD has determined the requirements are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated Security Assessment Plan defining the requirements for the assessments for organizational- defined information systems from organization-defined external organizations.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002069.

Control	Description
CA-2 (3)	The organization accepts the results of an assessment of [Assignment: organization-defined information system] performed by [Assignment: organization-defined external organization] when the assessment meets [Assignment: organization-defined requirements].