CCI-000571
CCI-000571 Definition
The organization^s security plan for the information system is reviewed and approved by the authorizing official or designated representative prior to plan implementation.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed obtains security plan approval by the authorizing official or designated representative prior to plan implementation.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the security plan approval to ensure the organization being inspected/assessed obtains security plan approval by the authorizing official or designated representative prior to plan implementation.
Compelling Evidence
1.) System security plan (SSP) approved by authorizing official (AO) or designated representative prior to implementation. 2.) Protocol for obtaining approval of the system security plan (SSP) by an authorizing official (AO).