Skip to main content

💼 CA-2 SECURITY ASSESSMENTS

Description​

The organization: CA-2a. Develops a security assessment plan that describes the scope of the assessment including: CA-2a.1. Security controls and control enhancements under assessment; CA-2a.2. Assessment procedures to be used to determine security control effectiveness; and CA-2a.3. Assessment environment, assessment team, and assessment roles and responsibilities; CA-2b. Assesses the security controls in the information system and its environment of operation [Assignment: organization-defined frequency] to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements; CA-2c. Produces a security assessment report that documents the results of the assessment; and CA-2d. Provides the results of the security control assessment to [Assignment: organization-defined individuals or roles].

Similar​

  • Internal
    • ID: dec-c-3073ee37

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v1.1 → 💼 DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability
💼 NIST CSF v1.1 → 💼 DE.DP-2: Detection activities comply with all applicable requirements66
💼 NIST CSF v1.1 → 💼 DE.DP-3: Detection processes are tested1313
💼 NIST CSF v1.1 → 💼 DE.DP-4: Event detection information is communicated2932
💼 NIST CSF v1.1 → 💼 DE.DP-5: Detection processes are continuously improved1315
💼 NIST CSF v1.1 → 💼 ID.RA-1: Asset vulnerabilities are identified and documented1315
💼 NIST CSF v1.1 → 💼 PR.IP-7: Protection processes are improved2
💼 NIST CSF v1.1 → 💼 RS.CO-3: Information is shared consistent with response plans1617

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
💼 CA-2 (1) INDEPENDENT ASSESSORS
💼 CA-2 (2) SPECIALIZED ASSESSMENTS
💼 CA-2 (3) EXTERNAL ORGANIZATIONS