{"id":1103,"date":"2024-07-16T21:19:03","date_gmt":"2024-07-16T21:19:03","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1103"},"modified":"2024-09-06T21:29:43","modified_gmt":"2024-09-06T21:29:43","slug":"ca-2-control-assessments","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/assessment-authorization-and-monitoring-ca\/ca-2-control-assessments\/","title":{"rendered":"CA-2: Control Assessments"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">CA-2: Control Assessments<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Privacy Baseline:<\/strong> &nbsp;Yes&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>06\/26\/2024<\/h2>\n\n\n\n<p>Texas Administrative Code (TAC) <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=76\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.76(c)<\/a> requires an assessment of the Tarleton State University (Tarleton) security program for compliance with TAC \u00a7202 including the security controls required by The Texas Department of Information Resources (DIR).&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The Tarleton Chief Information Security Officer (CISO) or their designee is responsible for developing a control assessment plan that describes the scope of the assessment including:&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>Controls under assessment;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Assessment procedures used to determine the effectiveness of each security control; and &nbsp;<\/li>\n\n\n\n<li>Assessment environment, team, roles, and responsibilities.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The security controls assessment will:&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>Review the Tarleton security controls and the environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, meeting security requirements and producing the desired outcome;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Be performed by individual(s) independent of the CISO; and&nbsp;&nbsp;<\/li>\n\n\n\n<li>Be performed at least biennially (every other year) based on risk management decisions.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Assessment results will be reported to the Tarleton Chief Information Officer (CIO), CISO, and other executive leadership.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Note: This control is distinct from the information security risk assessments described in <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/risk-assessment-ra\/ra-3-risk-assessment\/\" data-type=\"page\" data-id=\"1761\">Control RA-3, Risk Assessment<\/a>.&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\">References\/Additional Resources<\/h3>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=26#:~:text=(c)%20A%20review,designated%20representative(s).\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.26(c)<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=76#:~:text=(c)%20A%20review,designated%20representative(s).\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.76(c)<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CA-2: Control Assessments NIST Baseline: &nbsp;Low&nbsp; Privacy Baseline: &nbsp;Yes&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;06\/26\/2024 Texas Administrative Code (TAC) \u00a7202.76(c) requires an assessment of the Tarleton State University (Tarleton) &#8230;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":788,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1103","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on July 16, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on July 16, 2024 9:19 pm","modified":"Updated on September 6, 2024 9:29 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1103"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1103\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/788"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}