CCI-000272

Implementation Guidance

Determine if the authorizations are updated [CA-06_ODP; frequency at which to update the authorizations is defined].

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; procedures addressing authorization; system security plan, privacy plan, assessment report, plan of action and milestones; authorization statement; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with authorization responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms that facilitate authorizations and updates].