NIST 800-53 Rev 5
424 controls available
Specialized Assessments
Assessment, Authorization, and Monitoring
Control Statement
Include as part of control assessments, {{ insert: param, ca-02.02_odp.01 }}, {{ insert: param, ca-02.02_odp.02 }}, {{ insert: param, ca-02.02_odp.03 }}.
Discussion
Organizations can conduct specialized assessments, including verification and validation, system monitoring, insider threat assessments, malicious user testing, and other forms of testing. These assessments can improve readiness by exercising organizational capabilities and indicating current levels of performance as a means of focusing actions to improve security and privacy. Organizations conduct specialized assessments in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Authorizing officials approve the assessment methods in coordination with the organizational risk executive function. Organizations can include vulnerabilities uncovered during assessments into vulnerability remediation processes. Specialized assessments can also be conducted early in the system development life cycle (e.g., during initial design, development, and unit testing).
- Framework
- NIST SP 800-53 Rev 5
- Family
- Assessment, Authorization, and Monitoring
- Baselines
- high
Related Frameworks
6 paths across 1 framework
Related Frameworks
CCI6 mappings
- DISA · 2025-01-23 · disa_cci_list · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
Related STIGs
2 STIGs reach this control through 25 CCIs. Expand a row to see the responsible NICE and O*NET roles.