(Revised: 06/2014)

Policy: Each state entity shall perform security assessments to determine whether the security controls selected by the state entity are implemented correctly and working as intended to mitigate risk. Security assessments conducted by the state entity shall include, but are not limited to, the following:

  1. Legal, policy, standards, and procedure compliance review;
  2. Vulnerability scanning; and
  3. Penetration testing.

Implementation Controls: NIST SP 800-53: Security Assessment and Authorization (CA)


No Revisions for this item.

Searchable SAM

Print Entire SAM