Navigate

CCI-002069

CCI-002069 Definition

Defines the requirements the control assessments for organization-defined systems from organization-defined external organizations must meet.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the results of control assessments performed by [CA-02(03)_ODP[01]; external organization(s) from which the results of control assessments are leveraged are defined] on [CA-02(03)_ODP[02]; system on which a control assessment was performed by an external organization is defined] are leveraged when the assessment meets [CA-02(03)_ODP[03]; requirements to be met by the control assessment performed by an external organization on the system are defined].

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; procedures addressing control assessments; control assessment requirements; control assessment plan; control assessment report; control assessment evidence; plan of action and milestones; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with control assessment responsibilities; organizational personnel with information security and privacy responsibilities; personnel performing control assessments for the specified external organization].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002069.

Control	Description
CA-2(3)	Leverage the results of control assessments performed by [external organization(s) from which the results of control assessments are leveraged are defined;] on [system on which a control assessment was performed by an external organization is defined;] when the assessment meets [requirements to be met by the control assessment performed by an external organization on the system are defined;].