An independent verification and validation (IV&V) exercise is designed to have an un-biased opinion, as to the verification and validation that NIST controls are in place and are functional. In most organizations this begins with having policies in place that convey management’s intent towards following the set of security controls. Policies however are not evidence of a control; they are simply the evidence of intent. The verification and validation process relates to operational procedures that produce evidence that can be reviewed and measured, that demonstrate the effectiveness, maturity and ultimately, the risk associated with the control.
This content is part of MIS Training Institute’s Partner Content Series and developed by the sponsor. MIS Training Institute was not involved in the development of this content.