Navigate

CCI-003228

CCI-003228 Definition

The organization defines an assurance overlay to be implemented to achieve trustworthiness required to support its critical missions/business functions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents an assurance overlay to be implemented to achieve trustworthiness required to support its critical missions/business functions. DoD has determined the assurance overlay is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented assurance overlay to ensure the organization being inspected/assessed defines an assurance overlay to be implemented to achieve trustworthiness required to support its critical missions/business functions. DoD has determined the assurance overlay is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for defining an organization-defined assurance overlay to achieve trustworthiness required to support its critical missions/business functions.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003228.

Control	Description
SA-13	The organization: SA-13a.: Describes the trustworthiness required in the [Assignment: organization-defined information system, information system component, or information system service] supporting its critical missions/business functions; and SA-13b.: Implements [Assignment: organization-defined assurance overlay] to achieve such trustworthiness.