NSTSSI Security Education Standards |
9. COMPLIANCE VALIDATION a. Automated Tool 1) conduct post-accreditation periodic compliance validation reviews in accordance with the timelines identified in the SSAA or as requested by the DAA; 2) identify and discuss the testing tools with site personnel, if necessary; and 3) verify that the identified tools remain compliant with the current accreditation. b. Process Review 1) discuss the identified life-cycle processes and procedures with cognizant site personnel; 2) identify the life-cycle processes and procedures to support mission accomplishment; 3) manage the review in accordance with the identified timelines; 4) review the physical, environmental, technical, and procedural security disciplines; 5) review the SSAA and assist in its revision, if necessary; 6) verify that the identified life-cycle processes and procedures remain compliant with the current accreditation; 7) verify the status of the system's current risks; and 8) explain the results and the recommendations, based on the findings, in support or denial of continued certification to the DAA. c. Connection Requirements verify that connections of systems to networks or to each other follow a defined set of requirements as found in the SSAA.