CCI-000253

Implementation Guidance

Determine if a control assessment report is produced that documents the results of the assessment.

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; procedures addressing assessment planning; procedures addressing control assessments; control assessment plan; control assessment report; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with control assessment responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms supporting control assessment, control assessment plan development, and/or control assessment reporting].