CCI-003006
CCI-003006 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if:
- a process is implemented for ensuring that Organizational plans for conducting security testing, training, and monitoring activities associated with Organizational systems continue to be executed.
- a process is implemented for ensuring that Organizational plans for conducting privacy testing, training, and monitoring activities associated with Organizational systems continue to be executed.
Validation Procedures
Examine: [SELECT FROM: Information security program plan; privacy program plan; plans for conducting security and privacy testing, training, and monitoring activities; organizational procedures addressing the development and maintenance of plans for conducting security and privacy testing, training, and monitoring activities; risk management strategy; procedures for the review of plans for conducting security and privacy testing, training, and monitoring activities for consistency with risk management strategy and risk response priorities; results of risk assessments associated with conducting security and privacy testing, training, and monitoring activities; documentation of the timely execution of plans for conducting security and privacy testing, training, and monitoring activities; other relevant documents or records].
Interview: [SELECT FROM: Organizational personnel with responsibilities for developing and maintaining plans for conducting security and privacy testing, training, and monitoring activities; organizational personnel with information security and privacy responsibilities].
Test: [SELECT FROM: Organizational processes for the development and maintenance of plans for conducting security and privacy testing, training, and monitoring activities; mechanisms supporting the development and maintenance of plans for conducting security and privacy testing, training, and monitoring activities].