CCI-001045

The organization categorizes information and the information system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to categorize information and the information system in accordance with CNSSI 1253 and applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed categorizes information and the information system in accordance with CNSSI 1253 and applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Compelling Evidence

1.) System security plan (SSP). 2.) Reference to system security plan (SSP) section pertaining to Risk Assessment Implementation and reference a procedure for categorizing information.

The controls below (if any) were marked by NIST as being related to CCI-001045.