SA-11(3)

  • Requirement

    (a) Require an independent agent satisfying [Assignment: organization-defined independence criteria] to verify the correct implementation of the developer security and privacy assessment plans and the evidence produced during testing and evaluation; and
    (b) Verify that the independent agent is provided with sufficient information to complete the verification process or granted the authority to obtain such information.

  • Discussion

    Independent agents have the qualifications—including the expertise, skills, training, certifications, and experience—to verify the correct implementation of developer security and privacy assessment plans.

More Info

  • Title

    Developer Testing and Evaluation | Independent Verification of Assessment Plans and Evidence

  • Family

    System and Services Acquisition

  • Related NIST 800-53 ID

    AT-3;RA-5

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!

Learn More