Navigate

CCI-002368

CCI-002368 Definition

Defines the personnel or roles to whom the organization-level; mission/business process-level; system-level risk assessment policy is disseminated.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the roles as at a minimum, the ISSM and ISSO.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the personnel or roles as at a minimum, the ISSM and ISSO.

Compelling Evidence

Automatically compliant per DoDI 8510.01 which adopts NIST SP 800-30 as the DoD risk assessment policy.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002368.

Control	Description
RA-1	The organization: a: Develops, documents, and disseminates to [one of ]: 1: A risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2: Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and b: Reviews and updates the current: 1: Risk assessment policy [one of ]; and 2: Risk assessment procedures [one of ].

Control

Description

RA-1

The organization:

a: Develops, documents, and disseminates to [one of ]:
- 1: A risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- 2: Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and

b: Reviews and updates the current:
- 1: Risk assessment policy [one of ]; and
- 2: Risk assessment procedures [one of ].