CCI-003057
CCI-003057 Definition
The organization^s security plan for the information system describes the security controls in place or planned for meeting those requirements, including a rationale for the tailoring decisions.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed describes within the security plan the security controls in place or planned for meeting those requirements including a rationale for the tailoring and supplementation decisions.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the security plan to ensure the organization being inspected/assessed describes within the security plan the security controls in place or planned for meeting those requirements including a rationale for the tailoring and supplementation decisions.
Compelling Evidence
1.) System security plan (SSP).