Navigate

CCI-003872

CCI-003872 Definition

Employ a joint authorization process for the system that includes multiple authorizing officials with at least one authorizing official from an organization external to the organization conducting the authorization.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - a joint authorization process is employed for the system. - the joint authorization process employed for the system includes multiple authorizing officials with at least one authorizing official from an organization external to the organization conducting the authorization.

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; procedures addressing authorization; system security plan; privacy plan; assessment report; plan of action and milestones; authorization statement; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with authorization responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms that facilitate authorizations and updates].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003872.

Control	Description
CA-6(2)	Employ a joint authorization process for the system that includes multiple authorizing officials with at least one authorizing official from an organization external to the organization conducting the authorization.