Navigate

CCI-000251

CCI-000251 Definition

Assess the controls in the systems and its environment of operation on an organization-defined frequency, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000251.

Control	Description
CA-2	The organization: a: Develops a security assessment plan that describes the scope of the assessment including: 1: Security controls and control enhancements under assessment; 2: Assessment procedures to be used to determine security control effectiveness; and 3: Assessment environment, assessment team, and assessment roles and responsibilities; b: Assesses the security controls in the information system and its environment of operation [one of ] to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements; c: Produces a security assessment report that documents the results of the assessment; and d: Provides the results of the security control assessment to [one of ].

Control

Description

CA-2

The organization:

a: Develops a security assessment plan that describes the scope of the assessment including:
- 1: Security controls and control enhancements under assessment;
- 2: Assessment procedures to be used to determine security control effectiveness; and
- 3: Assessment environment, assessment team, and assessment roles and responsibilities;

b: Assesses the security controls in the information system and its environment of operation [one of ] to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements;

c: Produces a security assessment report that documents the results of the assessment; and

d: Provides the results of the security control assessment to [one of ].