CCI-002368
CCI-002368 Definition
Defines the personnel or roles to whom the organization-level; mission/business process-level; system-level risk assessment policy is disseminated.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
DoD has defined the roles as at a minimum, the ISSM and ISSO.
Validation Procedures
The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the personnel or roles as at a minimum, the ISSM and ISSO.
Compelling Evidence
Automatically compliant per DoDI 8510.01 which adopts NIST SP 800-30 as the DoD risk assessment policy.