||Notes and guidance documents
||SP 800-53A guidance
||System and services acquisition policy and procedures
||Review documentation for organization to determine the acquisition processes, policies, and procedures in place for systems, components, and services in support of system under review. Discuss with System Owner, acquisition staff, operations staff, and Security Officer.
||SP 800-12, SP 800-37, rev. 1, SP 800-64, SP 800-100
Examine: System and services acquisition policy and procedures; other relevant documents or records. Interview: Organizational personnel with system and services acquisition responsibilities; organizational personnel with information security responsibilities.
Get Security Controls Evaluation, Testing, and Assessment Handbook now with O’Reilly online learning.
O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.