CA-2 Security Assessments

GPTKB entity

Statements (23)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | NIST SP 800-53 Control |
| gptkbp:appliesTo | Federal information systems |
| gptkbp:category | gptkb:Security_Assessment_and_Authorization |
| gptkbp:controlIdentifier | CA-2 |
| gptkbp:frequency | At least annually |
| https://www.w3.org/2000/01/rdf-schema#label | CA-2 Security Assessments |
| gptkbp:improves | CA-2(1) Independent Assessment |
| | CA-2(2) Specialized Assessments |
| | CA-2(3) External Organizations |
| gptkbp:mandate | gptkb:Federal_Information_Security_Modernization_Act_(FISMA) |
| gptkbp:partOf | NIST SP 800-53 Control Family: Security Assessment and Authorization (CA) |
| gptkbp:purpose | To assess the security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome. |
| gptkbp:referencedIn | gptkb:NIST_SP_800-53_Revision_5 |
| | FedRAMP Security Assessment Framework |
| gptkbp:relatedTo | gptkb:Authorization_to_Operate_(ATO) |
| | gptkb:Security_Assessment_Report_(SAR) |
| | Continuous Monitoring |
| gptkbp:requires | Documentation of assessment results |
| | Organization to assess security controls in the information system and its environment of operation. |
| | Assessment of security controls as part of continuous monitoring |
| | Reporting of assessment results to appropriate officials |
| gptkbp:bfsParent | gptkb:Security_Assessment_and_Authorization_(CA) |
| gptkbp:bfsLayer | 7 |