SA-11(3)

  • Requirement

    1. Require an independent agent satisfying [Assignment: organization-defined independence criteria] to verify the correct implementation of the developer security and privacy assessment plans and the evidence produced during testing and evaluation; and
    2. Verify that the independent agent is provided with sufficient information to complete the verification process or granted the authority to obtain such information.
  • Discussion

    Independent agents have the qualifications including the expertise, skills, training, certifications, and experience to verify the correct implementation of developer security and privacy assessment plans.

More Info

  • Title

    Developer Testing and Evaluation | Independent Verification of Assessment Plans and Evidence
  • Family

    System and Services Acquisition
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      AT-3;RA-5

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!