💼 CA-2 Control Assessments (L)(M)(H)
- Contextual name: 💼 CA-2 Control Assessments (L)(M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/ca/02 - Located in: 💼 Assessment, Authorization, and Monitoring
Description​
a. Select the appropriate assessor or assessment team for the type of assessment to be conducted;
b. Develop a control assessment plan that describes the scope of the assessment including:
-
Controls and control enhancements under assessment;
-
Assessment procedures to be used to determine control effectiveness; and
-
Assessment environment, assessment team, and assessment roles and responsibilities;
c. Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;
d. Assess the controls in the system and its environment of operation [FedRAMP Assignment: at least annually] to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy
e. Produce a control assessment report that document the results of the assessment; and
f. Provide the results of the control assessment to [FedRAMP Assignment: individuals or roles to include FedRAMP PMO].
CA-2 Additional FedRAMP Requirements and Guidance:
Guidance: Reference FedRAMP Annual Assessment Guidance.
Similar​
- Sections
/frameworks/fedramp-high-security-controls/ca/02
- Internal
- ID:
dec-c-0bf15bfd
- ID:
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 CA-2 Control Assessments (L)(M)(H) | 3 |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 CA-2(1) Independent Assessors (L)(M)(H) | ||||
| 💼 CA-2(3) Leveraging Results from External Organizations (M)(H) |