Navigate

CCI-001047

CCI-001047 Definition

The organization ensures the security categorization decision is reviewed and approved by the authorizing official or authorizing official designated representative.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process IAW CNSSI 1253 to ensure the security categorization decision is reviewed and approved by the authorizing official or authorizing official designated representative.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed ensures the security categorization decision is reviewed and approved by the authorizing official or authorizing official designated representative.

Compelling Evidence

1.) Signed and dated documentation that outlines the organizations process for security categorization.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001047.

Control	Description
RA-2	The organization: RA-2a.: Categorizes information and the information system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance; RA-2b.: Documents the security categorization results (including supporting rationale) in the security plan for the information system; and RA-2c.: Ensures that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

Control

Description

RA-2

The organization:

RA-2a.: Categorizes information and the information system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance;

RA-2b.: Documents the security categorization results (including supporting rationale) in the security plan for the information system; and

RA-2c.: Ensures that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.