Statements (23)
Predicate | Object |
---|---|
gptkbp:instanceOf | NIST SP 800-53 Control |
gptkbp:appliesTo | Federal information systems |
gptkbp:category | gptkb:Security_Assessment_and_Authorization |
gptkbp:controlIdentifier | CA-2 |
gptkbp:frequency | At least annually |
https://www.w3.org/2000/01/rdf-schema#label | CA-2 Security Assessments |
gptkbp:improves | CA-2(1) Independent Assessment; CA-2(2) Specialized Assessments; CA-2(3) External Organizations |
gptkbp:mandate | gptkb:Federal_Information_Security_Modernization_Act_(FISMA) |
gptkbp:partOf | NIST SP 800-53 Control Family: Security Assessment and Authorization (CA) |
gptkbp:purpose | To assess the security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome. |
gptkbp:referencedIn | gptkb:NIST_SP_800-53_Revision_5; FedRAMP Security Assessment Framework |
gptkbp:relatedTo | gptkb:Authorization_to_Operate_(ATO); gptkb:Security_Assessment_Report_(SAR); Continuous Monitoring |
gptkbp:requires | Documentation of assessment results; Organization to assess security controls in the information system and its environment of operation; Assessment of security controls as part of continuous monitoring; Reporting of assessment results to appropriate officials |
gptkbp:bfsParent | gptkb:Security_Assessment_and_Authorization_(CA) |
gptkbp:bfsLayer | 7 |