Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >Assessment, Authorization, And Monitoring
  4. >SP800-53-CA-2(3)
SP800-53-CA-2(3)Active

Leveraging Results from External Organizations

Statement

Leverage the results of control assessments performed by external organization(s) on system when the assessment meets requirements.

Location

Control Family
Assessment, Authorization, and Monitoring

Control Details

Identifier
SP800-53-CA-2(3)
Family
CA
Parent Control
SP800-53-CA-2

Organisation-Defined Parameters

ca-02.03_odp.01
external organization(s)
ca-02.03_odp.02
system
ca-02.03_odp.03
requirements

Supplemental Guidance

Organizations may rely on control assessments of organizational systems by other (external) organizations. Using such assessments and reusing existing assessment evidence can decrease the time and resources required for assessments by limiting the independent assessment activities that organizations need to perform. The factors that organizations consider in determining whether to accept assessment results from external organizations can vary. Such factors include the organization’s past experience with the organization that conducted the assessment, the reputation of the assessment organization, the level of detail of supporting assessment evidence provided, and mandates imposed by applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Accredited testing laboratories that support the Common Criteria Program ISO 15408-1 , the NIST Cryptographic Module Validation Program (CMVP), or the NIST Cryptographic Algorithm Validation Program (CAVP) can provide independent assessment results that organizations can leverage.

Assessment Objective

the results of control assessments performed by external organization(s) on system are leveraged when the assessment meets requirements.

No cross-framework mappings available

← Back to Assessment, Authorization, and Monitoring
Assessment, Authorization, and Monitoring32 controls
SP800-53-CA-1Policy and ProceduresSP800-53-CA-2Control AssessmentsSP800-53-CA-2(1)Independent AssessorsSP800-53-CA-2(2)Specialized AssessmentsSP800-53-CA-2(3)Leveraging Results from External OrganizationsSP800-53-CA-3Information ExchangeSP800-53-CA-3(1)Unclassified National Security System ConnectionsSP800-53-CA-3(2)Classified National Security System ConnectionsSP800-53-CA-3(3)Unclassified Non-national Security System ConnectionsSP800-53-CA-3(4)Connections to Public NetworksSP800-53-CA-3(5)Restrictions on External System ConnectionsSP800-53-CA-3(6)Transfer AuthorizationsSP800-53-CA-3(7)Transitive Information ExchangesSP800-53-CA-4Security CertificationSP800-53-CA-5Plan of Action and MilestonesSP800-53-CA-5(1)Automation Support for Accuracy and CurrencySP800-53-CA-6AuthorizationSP800-53-CA-6(1)Joint Authorization — Intra-organizationSP800-53-CA-6(2)Joint Authorization — Inter-organizationSP800-53-CA-7Continuous MonitoringSP800-53-CA-7(1)Independent AssessmentSP800-53-CA-7(2)Types of AssessmentsSP800-53-CA-7(3)Trend AnalysesSP800-53-CA-7(4)Risk MonitoringSP800-53-CA-7(5)Consistency AnalysisSP800-53-CA-7(6)Automation Support for MonitoringSP800-53-CA-8Penetration TestingSP800-53-CA-8(1)Independent Penetration Testing Agent or TeamSP800-53-CA-8(2)Red Team ExercisesSP800-53-CA-8(3)Facility Penetration TestingSP800-53-CA-9Internal System ConnectionsSP800-53-CA-9(1)Compliance Checks