Navigate

CCI-003225

CCI-003225 Definition

The organization describes the trustworthiness required in the organization-defined information system, information system component, or information system service supporting its critical missions/business functions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents within its security plan the trustworthiness required in the information system, information system component, or information system service defined in SA-13, CCI 3226 supporting its critical missions/business functions.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the security plan to ensure the organization being inspected/assessed documents within its security plan the trustworthiness required in the information system, information system component, or information system service defined in SA-13, CCI 3226 supporting its critical missions/business functions.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for describing the trustworthiness required in the organization-defined information system, information system component or information system service supporting its critical missions/business functions.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003225.

Control	Description
SA-13	The organization: SA-13a.: Describes the trustworthiness required in the [Assignment: organization-defined information system, information system component, or information system service] supporting its critical missions/business functions; and SA-13b.: Implements [Assignment: organization-defined assurance overlay] to achieve such trustworthiness.