💼 CA-2 Control Assessments
- ID: /frameworks/nist-sp-800-53-r5/ca/02
Stats
not available
Description
a. Select the appropriate assessor or assessment team for the type of assessment to be conducted;
b. Develop a control assessment plan that describes the scope of the assessment including:
- Controls and control enhancements under assessment;
- Assessment procedures to be used to determine control effectiveness; and
- Assessment environment, assessment team, and assessment roles and responsibilities;

c. Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;
d. Assess the controls in the system and its environment of operation [Assignment: organization-defined frequency] to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy requirements;
e. Produce a control assessment report that documents the results of the assessment; and
f. Provide the results of the control assessment to [Assignment: organization-defined individuals or roles].
Similar
- Internal
- ID: dec-c-77f4dbba
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 CA-2 Control Assessments (L)(M)(H) | 3 | no data | |||
| 💼 FedRAMP Low Security Controls → 💼 CA-2 Control Assessments (L)(M)(H) | 1 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations | 47 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties | 62 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities | 62 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded | 47 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CA-2(1) Control Assessments _ Independent Assessors | no data | ||||
| 💼 CA-2(2) Control Assessments _ Specialized Assessments | no data | ||||
| 💼 CA-2(3) Control Assessments _ Leveraging Results from External Organizations | no data |