Navigate

CCI-000239

CCI-000239 Definition

Develop and document an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000239.

Control	Description
CA-1	The organization: a: Develops, documents, and disseminates to [one of ]: 1: A security assessment and authorization policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2: Procedures to facilitate the implementation of the security assessment and authorization policy and associated security assessment and authorization controls; and b: Reviews and updates the current: 1: Security assessment and authorization policy [one of ]; and 2: Security assessment and authorization procedures [one of ].

Control

Description

CA-1

The organization:

a: Develops, documents, and disseminates to [one of ]:
- 1: A security assessment and authorization policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- 2: Procedures to facilitate the implementation of the security assessment and authorization policy and associated security assessment and authorization controls; and

b: Reviews and updates the current:
- 1: Security assessment and authorization policy [one of ]; and
- 2: Security assessment and authorization procedures [one of ].