I am struggling to find a definitive answer around Inherited Controls testing. In 800-37r2, it says there is no requirement to provide implementation details for inherited common controls. Additionally, it states, "For system-level control assessments, control assessors do not assess inherited controls, and only assess the system-implemented portions of hybrid controls. Control assessors prepare security and privacy assessment reports containing the results and findings from the assessment."
But there seems to be a mixed bag of what people actually do for testing of controls that are inherited. It would seem to me that, at the very least, there should be some validation to ensure the control has had the intended impact on the system inheriting the control.
Should the inheriting system be allowed to simply 'inherit' the test results without validation?
Should a system be permitted to inherit common control assessment results without performing any independent validation to confirm the control’s effectiveness on the inheriting system?