SA-11(3): Independent Verification of Assessment Plans and Evidence
Control Family:
Parent Control:
Baselines:
(Not part of any baseline)
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- SA-11(3): Independent Verification Of Assessment Plans / Evidence
Control Statement
- Require an independent agent satisfying [Assignment: organization-defined independence criteria] to verify the correct implementation of the developer security and privacy assessment plans and the evidence produced during testing and evaluation; and
- Verify that the independent agent is provided with sufficient information to complete the verification process or granted the authority to obtain such information.
Supplemental Guidance
Independent agents have the qualifications-including the expertise, skills, training, certifications, and experience-to verify the correct implementation of developer security and privacy assessment plans.