CCI-000255

Implementation Guidance

Determine if independent assessors or assessment teams are employed to conduct control assessments.

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; procedures addressing control assessments; previous control assessment plan; previous control assessment report; plan of action and milestones; existing authorization statement; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security assessment responsibilities; organizational personnel with information security and privacy responsibilities].