An error occurred:

CCI-004655

CCI-004655 Definition

Develop and document an organization-level; mission/business process-level; and/or system-level system and services acquisition policy that is consistent with applicable laws, Executive Orders, directives, regulations, polices, standards, and guidelines.
Status
Type CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the [SA-01_ODP[03]; one or more of the following PARAMETER VALUES is/are selected: {organization-level; mission/business process-level; system-level}] system and services acquisition policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines.

Validation Procedures

Examine: [SELECT FROM: System and services acquisition policy; system and services acquisition procedures; supply chain risk management policy; supply chain risk management procedures; supply chain risk management plan; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system and services acquisition responsibilities; organizational personnel with information security and privacy responsibilities; organizational personnel with supply chain risk management responsibilities].