Navigate

CCI-000254

CCI-000254 Definition

Provide the results of the control assessment to organization-defined individuals or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the results of the control assessment are provided to [CA-02_ODP[02]; individuals or roles to whom control assessment results are to be provided are defined].

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; procedures addressing assessment planning; procedures addressing control assessments; control assessment plan; control assessment report; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with control assessment responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms supporting control assessment, control assessment plan development, and/or control assessment reporting].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000254.

Control	Description
CA-2	a: Select the appropriate assessor or assessment team for the type of assessment to be conducted; b: Develop a control assessment plan that describes the scope of the assessment including: 1: Controls and control enhancements under assessment; 2: Assessment procedures to be used to determine control effectiveness; and 3: Assessment environment, assessment team, and assessment roles and responsibilities; c: Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment; d: Assess the controls in the system and its environment of operation [the frequency at which to assess controls in the system and its environment of operation is defined;] to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy requirements; e: Produce a control assessment report that document the results of the assessment; and f: Provide the results of the control assessment to [individuals or roles to whom control assessment results are to be provided are defined;].

Control

Description

CA-2

a: Select the appropriate assessor or assessment team for the type of assessment to be conducted;

b: Develop a control assessment plan that describes the scope of the assessment including:
- 1: Controls and control enhancements under assessment;
- 2: Assessment procedures to be used to determine control effectiveness; and
- 3: Assessment environment, assessment team, and assessment roles and responsibilities;

c: Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;

d: Assess the controls in the system and its environment of operation [the frequency at which to assess controls in the system and its environment of operation is defined;] to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy requirements;

e: Produce a control assessment report that document the results of the assessment; and

f: Provide the results of the control assessment to [individuals or roles to whom control assessment results are to be provided are defined;].