SA-11.3: Independent Verification of Assessment...

SA-11.3 · Independent Verification of Assessment Plans and Evidence

Control Description

Require an independent agent satisfying {{ insert: param, sa-11.03_odp }} to verify the correct implementation of the developer security and privacy assessment plans and the evidence produced during testing and evaluation; and Verify that the independent agent is provided with sufficient information to complete the verification process or granted the authority to obtain such information.

Impact Baselines

Security baselines where this control applies

Not in any baseline

Control Properties

SP800-53-enhancement

organization

Assurance

Enhancement

Control Statement

The control requirements

(a) Require an independent agent satisfying {{ insert: param, sa-11.03_odp }} to verify the correct implementation of the developer security and privacy assessment plans and the evidence produced during testing and evaluation; and

(b) Verify that the independent agent is provided with sufficient information to complete the verification process or granted the authority to obtain such information.

Supplemental Guidance

Independent agents have the qualifications—including the expertise, skills, training, certifications, and experience—to verify the correct implementation of developer security and privacy assessment plans.

Related NIST Controls

Other NIST 800-53 controls related to this one

AT-03

RA-05