SA-11(3): Independent Verification of Assessment Plans and Evidence
(Not part of any baseline)
- NIST Special Publication 800-53 Revision 4:
- SA-11(3): Independent Verification Of Assessment Plans / Evidence
- Require an independent agent satisfying [Assignment: organization-defined independence criteria] to verify the correct implementation of the developer security and privacy assessment plans and the evidence produced during testing and evaluation; and
- Verify that the independent agent is provided with sufficient information to complete the verification process or granted the authority to obtain such information.
Independent agents have the qualifications-including the expertise, skills, training, certifications, and experience-to verify the correct implementation of developer security and privacy assessment plans.