Navigate

CCI-000255

CCI-000255 Definition

The organization employs assessors or assessment teams with an organization-defined level of independence to conduct security control assessments of organizational information systems.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed will employ assessors and assessor teams with the level of independence defined in CA-2 (1), CCI 2064 to conduct security control assessments of organizational information systems.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the level of independence defined in CA-2 (1), CCI 2064 to ensure that they, as the assessor, meet the required level of independence.

Compelling Evidence

1.) Signed and dated Security Assessment and Authorization Policy

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000255.

Control	Description
CA-2 (1)	The organization employs assessors or assessment teams with [Assignment: organization-defined level of independence] to conduct security control assessments.