Navigate

CCI-002999

CCI-002999 Definition

The organization implements a process for ensuring that organizational plans for conducting security testing activities associated with organizational information systems are maintained.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process for ensuring that organizational plans for conducting security testing activities associated with organizational information systems are maintained.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed implements a process for ensuring that organizational plans for conducting security testing activities associated with organizational information systems are maintained.

Compelling Evidence

1.) Signed and dated process maintenance documentation for conducting security testing activities associated with organizational information systems.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002999.

Control	Description
PM-14	The organization: PM-14a.: Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems: PM-14a.1.: Are developed and maintained; and PM-14a.2.: Continue to be executed in a timely manner; PM-14b.: Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

Control

Description

PM-14

The organization:

PM-14a.: Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
- PM-14a.1.: Are developed and maintained; and
- PM-14a.2.: Continue to be executed in a timely manner;

PM-14b.: Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.