Responsible for grading System Security Plans and adherence to assessment guidance such as NIST SP 800-53A. The Security Control Assessor (SCA) performs verification and validation of the security posture of the environment in scope of the assessment. The SCA can be one individual or a team of individuals, depending on the size, scope and breadth of the assessment. The level of independence of the assessor is the responsibility of the Authorizing Official, based on laws, executive orders, directives, policies, standards and guidelines. The goal of the independent assessment is to receive unbiased results to assist in making risk-based decisions.

Applicability: Relevant in assessing security plans, compliance audits, and security assessments.

URL: NIST SP 800-53 Documentation

NIST RMF

Security Control Assessor – DoD Cyber Exchange