Navigate

CCI-004617

CCI-004617 Definition

Conduct a impact-level categorization of organizational systems to obtain additional granularity on system impact levels.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if an impact-level prioritization of organizational systems is conducted to obtain additional granularity on system impact levels.

Validation Procedures

Examine: [SELECT FROM: Risk assessment policy; security and privacy planning policy and procedures; procedures addressing security categorization of organizational information and systems; security categorization documentation; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security categorization and risk assessment responsibilities; organizational personnel with security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for security categorization].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-004617.

Control	Description
RA-2(1)	Conduct an impact-level prioritization of organizational systems to obtain additional granularity on system impact levels.