CCI-000253
CCI-000253 Definition
Produce a control assessment report that document the results of the assessment.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed will develop a SAR that includes the compliance/non-compliance status of all controls and specific deficiencies for all non-compliant controls using the template available on the Knowledge Service. *Comment* The items required within this control are being split into the security plan and security assessment report to eliminate creation of an additional artifact.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the SAR to verify that it includes the compliance/non-compliance status of all controls and specific deficiencies for all non-compliant controls.
Compelling Evidence
1.) Signed and dated Security Assessment Report