Requirement:
Results from the cybersecurity audits and reviews must be documented and presented to the cybersecurity steering committee and Authorizing Official. Results must include the audit/review scope, observations, recommendations and remediation plans.
Control Implementation Guidelines:
- Review and document results of cybersecurity review and audit. The review report must include:
- 1
- Scope of review and audit
- Discovered observations
- Recommendations and corrective actions
- Observations remediation plan
- Share and discuss the results of cybersecurity review and audit with the cybersecurity supervisory committee and the representative
Relevant Cybersecurity Tools:
- Cybersecurity Review Report Template.
Expected Deliverables:
- A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
- Audit reports (by the internal audit department or compliance department or an independent external auditor) on all cybersecurity requirements of the organization
- Evidence that the results of the cybersecurity review and audit presented to the cybersecurity supervisory committee and the representative
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.