Navigate

CCI-000273

CCI-000273 Definition

The organization defines the frequency with which to update the security authorization.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the frequency as at least every three years, whenever there is a significant change to the system, or if there is a change to the environment in which the system operates.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the frequency as at least every three years, whenever there is a significant change to the system, or if there is a change to the environment in which the system operates.

Compelling Evidence

Automatically Compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000273.

Control	Description
CA-6	The organization: CA-6a.: Assigns a senior-level executive or manager as the authorizing official for the information system; CA-6b.: Ensures that the authorizing official authorizes the information system for processing before commencing operations; and CA-6c.: Updates the security authorization [Assignment: organization-defined frequency].