Navigate

CCI-000001

CCI-000001 Definition

The organization develops an access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed develops and documents an access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the access control policy to ensure the organization being inspected/assessed develops and documents an access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Compelling Evidence

1.) Signed and dated copy of access control policy that defines the purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000001.

Control	Description
AC-1	The organization: AC-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: AC-1a.1.: An access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and AC-1a.2.: Procedures to facilitate the implementation of the access control policy and associated access controls; and AC-1b.: Reviews and updates the current: AC-1b.1.: Access control policy [Assignment: organization-defined frequency]; and AC-1b.2.: Access control procedures [Assignment: organization-defined frequency].

Control

Description

AC-1

The organization:

AC-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- AC-1a.1.: An access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- AC-1a.2.: Procedures to facilitate the implementation of the access control policy and associated access controls; and

AC-1b.: Reviews and updates the current:
- AC-1b.1.: Access control policy [Assignment: organization-defined frequency]; and
- AC-1b.2.: Access control procedures [Assignment: organization-defined frequency].