IAO — Information Assurance
15 controls in the Information Assurance domain
IAO-01Information Assurance (IA) Operations
IAO-01.1Assessment Boundaries
IAO-02Assessments
IAO-02.1Assessor Independence
IAO-02.2Specialized Assessments
IAO-02.3Third-Party Assessments
IAO-02.4Security Assessment Report (SAR)
IAO-03System Security & Privacy Plan (SSPP)
IAO-03.1Plan / Coordinate with Other Organizational Entities
IAO-03.2Adequate Security for Sensitive / Regulated Data In Support of Contracts
IAO-04Threat Analysis & Flaw Remediation During Development
IAO-05Plan of Action & Milestones (POA&M)
IAO-05.1Plan of Action & Milestones (POA&M) Automation
IAO-06Technical Verification
IAO-07Security Authorization