Control number Control name Assessment methods Notes and guidance documents SP 800-53A guidance
SC-1 System and communications protection policy and procedures Review documentation for organization to ensure that the protection policies and procedures are developed, installed, active, and followed by users and organization. Discuss with System Owner, operations staff, and Security Officer. SP 800-12, SP 800-100 Examine: System and communications protection policy and procedures; other relevant documents or records. Interview: Organizational personnel with system and communications protection responsibilities; organizational personnel with information security responsibilities.
SC-2 Application partitioning Review documentation to ...

Get Security Controls Evaluation, Testing, and Assessment Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.