Control number | Control name | Assessment methods | Notes and guidance documents | SP 800-53A guidance |
SC-1 | System and communications protection policy and procedures | Review documentation for organization to ensure that the protection policies and procedures are developed, installed, active, and followed by users and organization. Discuss with System Owner, operations staff, and Security Officer. | SP 800-12, SP 800-100 | Examine: System and communications protection policy and procedures; other relevant documents or records. Interview: Organizational personnel with system and communications protection responsibilities; organizational personnel with information security responsibilities. |
SC-2 | Application partitioning | Review documentation to ... |
Get Security Controls Evaluation, Testing, and Assessment Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.