Skip to main content

πŸ’Ό CA-2 SECURITY ASSESSMENTS

Description​

The organization: CA-2a. Develops a security assessment plan that describes the scope of the assessment including: CA-2a.1. Security controls and control enhancements under assessment; CA-2a.2. Assessment procedures to be used to determine security control effectiveness; and CA-2a.3. Assessment environment, assessment team, and assessment roles and responsibilities; CA-2b. Assesses the security controls in the information system and its environment of operation [Assignment: organization-defined frequency] to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements; CA-2c. Produces a security assessment report that documents the results of the assessment; and CA-2d. Provides the results of the security control assessment to [Assignment: organization-defined individuals or roles].

Similar​

  • Internal
    • ID: dec-c-3073ee37

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό DE.DP-2: Detection activities comply with all applicable requirements77
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό DE.DP-3: Detection processes are tested1414
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό DE.DP-4: Event detection information is communicated3033
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό DE.DP-5: Detection processes are continuously improved1416
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.RA-1: Asset vulnerabilities are identified and documented1415
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.IP-7: Protection processes are improved2
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό RS.CO-3: Information is shared consistent with response plans1617

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CA-2 (1) INDEPENDENT ASSESSORS
πŸ’Ό CA-2 (2) SPECIALIZED ASSESSMENTS
πŸ’Ό CA-2 (3) EXTERNAL ORGANIZATIONS