SA-11(3)
-
Requirement
- Require an independent agent satisfying [Assignment: organization-defined independence criteria] to verify the correct implementation of the developer security and privacy assessment plans and the evidence produced during testing and evaluation; and
- Verify that the independent agent is provided with sufficient information to complete the verification process or granted the authority to obtain such information.
-
Discussion
Independent agents have the qualifications including the expertise, skills, training, certifications, and experience to verify the correct implementation of developer security and privacy assessment plans.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!