Navigate

CCI-000337

CCI-000337 Definition

After system changes, verify that the impacted controls are producing the desired outcome with regard to meeting the security requirements for the system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to verify in an operational environment, following changes to the information system, the security functions are producing the desired outcome with regard to meeting the security requirements for the system. The organization must maintain an audit trail of the verification of security functions.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of the verification of security functions to ensure the organization being inspected/assessed verifies in an operational environment, following changes to the information system, the security functions are producing the desired outcome with regard to meeting the security requirements for the system.

Compelling Evidence

1.) Signed and dated process to verify security functions are operating as intended in an operational environment following changes to the information system 2.) Audit trail

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000337.

Control	Description
CM-4(2)	The organization, after the information system is changed, checks the security functions to verify that the functions are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security requirements for the system.