Navigate

CCI-000272

CCI-000272 Definition

The organization updates the security authorization on an organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed updates the security authorization at least every three years, whenever there is a significant change to the system, or if there is a change to the environment in which the system operates. DoD has defined the frequency as at least every three years, whenever there is a significant change to the system, or if there is a change to the environment in which the system operates.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the security authorization documentation to confirm the security authorization has been updated within the last three years, when there was a significant change to the system, or if there was a change to the environment in which the system operates. DoD has defined the frequency as at least every three years, whenever there is a significant change to the system, or if there is a change to the environment in which the system operates.

Compelling Evidence

within the last three years; if there was a significant change to the system, or if there was a change to the environment in which the system operates.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000272.

Control	Description
CA-6	The organization: CA-6a.: Assigns a senior-level executive or manager as the authorizing official for the information system; CA-6b.: Ensures that the authorizing official authorizes the information system for processing before commencing operations; and CA-6c.: Updates the security authorization [Assignment: organization-defined frequency].