Navigate

CCI-001066

CCI-001066 Definition

Determine information about the system that is discoverable.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

If the organization being inspected/assessed is conducting vulnerability scans IAW base control RA-5, they are compliant with this CCI.

Validation Procedures

The organization conducting the inspection/assessment will review results of validation of base control RA-5, if the inspected organization is compliant with the requirements of RA-5, they are compliant with this CCI.

Compelling Evidence

1.) System security plan (SSP). 2.) Reference to system security plan (SSP) section pertaining to procedure to discover what information may have been compromised in the event of a breach.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001066.

Control	Description
RA-5(4)	The organization determines what information about the information system is discoverable by adversaries and subsequently takes [organization-defined corrective actions].