CCI-003007

The organization reviews testing plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to review testing plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions. The organization must maintain a record of reviews.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the record of reviews to ensure the organization being inspected/assessed reviews testing plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

Compelling Evidence

1.) Signed and dated implementation process documentation that reviews testing plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions. 2.) Testing plans. 3.) Records of review.

The controls below (if any) were marked by NIST as being related to CCI-003007.