CCI-003004

The organization implements a process for ensuring that organizational plans for conducting security testing associated with organizational information systems continue to be executed in a timely manner.

Implementation Guidance

The organization being inspected/assessed documents and implements a process for ensuring that organizational plans for conducting security testing associated with organizational information systems continue to be executed in a timely manner. The organization must maintain records of execution.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as records of execution to ensure the organization being inspected/assessed implements a process for ensuring that organizational plans for conducting security testing associated with organizational information systems continue to be executed in a timely manner.

Compelling Evidence

1.) Signed and dated testing process documentation. 2.) Records of execution for conducting security monitoring activities associated with organizational information system.

The controls below (if any) were marked by NIST as being related to CCI-003004.