Navigate

CCI-000240

CCI-000240 Definition

Disseminates to organization-defined personnel or roles an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000240.

Control	Description
CA-1	The organization: a: Develops, documents, and disseminates to [one of ]: 1: A security assessment and authorization policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2: Procedures to facilitate the implementation of the security assessment and authorization policy and associated security assessment and authorization controls; and b: Reviews and updates the current: 1: Security assessment and authorization policy [one of ]; and 2: Security assessment and authorization procedures [one of ].

Control

Description

CA-1

The organization:

a: Develops, documents, and disseminates to [one of ]:
- 1: A security assessment and authorization policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- 2: Procedures to facilitate the implementation of the security assessment and authorization policy and associated security assessment and authorization controls; and

b: Reviews and updates the current:
- 1: Security assessment and authorization policy [one of ]; and
- 2: Security assessment and authorization procedures [one of ].