Navigate

CCI-000335

CCI-000335 Definition

The organization, after the information system is changed, checks the security functions to verify the functions are implemented correctly.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to verify in an operational environment, following changes to the information system, the security functions are implemented correctly. The organization must maintain an audit trail of the verification of security functions.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of the verification of security functions to ensure the organization being inspected/assessed verifies in an operational environment, following changes to the information system, the security functions are implemented correctly.

Compelling Evidence

1.) Signed and dated documentation of a process to verify that after changes to the information system are completed, the security functions are implemented correctly in an operational environment. 2.) Audit trail of the verification of security functions.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000335.

Control	Description
CM-4 (2)	The organization, after the information system is changed, checks the security functions to verify that the functions are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security requirements for the system.