CCI-003186

The organization ensures that the independent agent either is provided with sufficient information to complete the verification process or has been granted the authority to obtain such information.

Implementation Guidance

The organization being inspected/assessed provides the independent agent with sufficient information and access/authority to complete the verification process. The organization must maintain a record of information provided.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the record of information provided to ensure the organization being inspected/assessed provides the independent agent with sufficient information and access/authority to complete the verification process.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation must require organization to ensure the independent agent is provided with sufficient information to complete verification process or has been granted the authority to obtain such information.

The controls below (if any) were marked by NIST as being related to CCI-003186.