CCI-000239

Develop and document an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Implementation Guidance

DoDI 8510.01 meets the DoD requirement for security assessment authorization policy and procedures. DoD Components are automatically compliant with this CCI because they are covered by the DoD level policy, DoDI 8510.01.

Validation Procedures

DoDI 8510.01 meets the DoD requirement for security assessment authorization policy and procedures. DoD Components are automatically compliant with this CCI because they are covered by the DoD level policy, DoDI 8510.01.

Compelling Evidence

Automatically compliant per DoDI 8510.01

The controls below (if any) were marked by NIST as being related to CCI-000239.