Navigate

CCI-001046

CCI-001046 Definition

The organization documents the security categorization results (including supporting rationale) in the security plan for the information system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents the security categorization results (including supporting rationale) in the security plan for the information system IAW CNSSI 1253.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security categorization results to ensure the organization being inspected/assessed documents the security categorization results (including supporting rationale) in the security plan for the information system IAW CNSSI 1253.

Compelling Evidence

1.) System security plan (SSP). 2.) Reference to system security plan (SSP) section pertaining to Risk Assessment Implementation and reference a procedure for categorizing information.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001046.

Control	Description
RA-2	The organization: RA-2a.: Categorizes information and the information system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance; RA-2b.: Documents the security categorization results (including supporting rationale) in the security plan for the information system; and RA-2c.: Ensures that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

Control

Description

RA-2

The organization:

RA-2a.: Categorizes information and the information system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance;

RA-2b.: Documents the security categorization results (including supporting rationale) in the security plan for the information system; and

RA-2c.: Ensures that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.