Skip to main content

πŸ’Ό CA-2 Control Assessments

Description​

a. Select the appropriate assessor or assessment team for the type of assessment to be conducted; b. Develop a control assessment plan that describes the scope of the assessment including:

  1. Controls and control enhancements under assessment;
  2. Assessment procedures to be used to determine control effectiveness; and
  3. Assessment environment, assessment team, and assessment roles and responsibilities; c. Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment; d. Assess the controls in the system and its environment of operation [Assignment: organization-defined frequency] to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy requirements; e. Produce a control assessment report that document the results of the assessment; and f. Provide the results of the control assessment to [Assignment: organization-defined individuals or roles].

Similar​

  • Internal
    • ID: dec-c-77f4dbba

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό CA-2 Control Assessments (L)(M)(H)3
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό CA-2 Control Assessments (L)(M)(H)1
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.IM-01: Improvements are identified from evaluations10
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties23
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities24
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded22

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CA-2(1) Control Assessments _ Independent Assessors
πŸ’Ό CA-2(2) Control Assessments _ Specialized Assessments
πŸ’Ό CA-2(3) Control Assessments _ Leveraging Results from External Organizations