Navigate

CCI-000244

CCI-000244 Definition

Review and update the current assessment, authorization, and monitoring procedures on an organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed reviews and updates, IAW DoDI 8510.01, the current security assessment and authorization procedures annually. The organization must maintain an audit trail of review and update activity. DoD has defined the frequency as annually.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the audit trail of review and update activity to ensure the organization being inspected/assessed reviews and updates, IAW DoDI 8510.01, the current security assessment and authorization procedures annually.

Compelling Evidence

1.) SOP/TTP documenting the review and update activity to ensure the organization reviews and updates the current security assessment and authorization procedures annually IAW DoDI 8510.01. 2.) Audit trail of updates.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000244.

Control	Description
CA-1	The organization: a: Develops, documents, and disseminates to [organization-defined personnel or roles]: 1: A security assessment and authorization policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2: Procedures to facilitate the implementation of the security assessment and authorization policy and associated security assessment and authorization controls; and b: Reviews and updates the current: 1: Security assessment and authorization policy [organization-defined frequency]; and 2: Security assessment and authorization procedures [organization-defined frequency].

Control

Description

CA-1

The organization:

a: Develops, documents, and disseminates to [organization-defined personnel or roles]:
- 1: A security assessment and authorization policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- 2: Procedures to facilitate the implementation of the security assessment and authorization policy and associated security assessment and authorization controls; and

b: Reviews and updates the current:
- 1: Security assessment and authorization policy [organization-defined frequency]; and
- 2: Security assessment and authorization procedures [organization-defined frequency].