CCI-003439
CCI-003439 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to audit privacy controls, every three years or as required by major system change, to ensure effective implementation.The organization must maintain an audit trail.DoD has defined the frequency as every three years or as required by major system change.DoD has defined the frequency as upon a change in the privacy, security or authorization posture of the system and not to exceed every three years.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail to ensure the organization being inspected/assessed audits privacy controls, every three years or as required by major system change, to ensure effective implementation.DoD has defined the frequency as every three years or as required by major system change.DoD has defined the frequency as upon a change in the privacy, security or authorization posture of the system and not to exceed every three years.
Compelling Evidence
Reference section of documentation that pertains to a process to audit privacy controls. Observe that the organization must maintain an audit trail at a frequency of every three years or as required by a major system change and cannot exceed every three years.