Navigate

CCI-001217

CCI-001217 Definition

Develop and document an organization-level; mission/business process-level; and/or system level system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - the [SI-01_ODP[03]; one or more of the following PARAMETER VALUES is/are selected: {organization-level; mission/business process-level; system-level}] system and information integrity policy addresses purpose. - the [SI-01_ODP[03]; one or more of the following PARAMETER VALUES is/are selected: {organization-level; mission/business process-level; system-level}] system and information integrity policy addresses scope. - the [SI-01_ODP[03]; one or more of the following PARAMETER VALUES is/are selected: {organization-level; mission/business process-level; system-level}] system and information integrity policy addresses roles. - the [SI-01_ODP[03]; one or more of the following PARAMETER VALUES is/are selected: {organization-level; mission/business process-level; system-level}] system and information integrity policy addresses responsibilities. - the [SI-01_ODP[03]; one or more of the following PARAMETER VALUES is/are selected: {organization-level; mission/business process-level; system-level}] system and information integrity policy addresses management commitment. - the [SI-01_ODP[03]; one or more of the following PARAMETER VALUES is/are selected: {organization-level; mission/business process-level; system-level}] system and information integrity policy addresses coordination among Organizational entities. - the [SI-01_ODP[03]; one or more of the following PARAMETER VALUES is/are selected: {organization-level; mission/business process-level; system-level}] system and information integrity policy addresses compliance.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system and information integrity responsibilities; organizational personnel with information security and privacy responsibilities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001217.

Control	Description
SI-1	a: Develop, document, and disseminate to [one of ]: 1: [one or more of "organization-level"/"mission/business process-level"/"system-level"] system and information integrity policy that: (a): Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (b): Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and 2: Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; b: Designate an [an official to manage the system and information integrity policy and procedures is defined;] to manage the development, documentation, and dissemination of the system and information integrity policy and procedures; and c: Review and update the current system and information integrity: 1: Policy [the frequency at which the current system and information integrity policy is reviewed and updated is defined;] and following [events that would require the current system and information integrity policy to be reviewed and updated are defined;] ; and 2: Procedures [the frequency at which the current system and information integrity procedures are reviewed and updated is defined;] and following [events that would require the system and information integrity procedures to be reviewed and updated are defined;].

Control

Description

SI-1

a: Develop, document, and disseminate to [one of ]:
- 1: [one or more of "organization-level"/"mission/business process-level"/"system-level"] system and information integrity policy that:
  - (a): Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
  - (b): Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
- 2: Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls;

b: Designate an [an official to manage the system and information integrity policy and procedures is defined;] to manage the development, documentation, and dissemination of the system and information integrity policy and procedures; and

c: Review and update the current system and information integrity:
- 1: Policy [the frequency at which the current system and information integrity policy is reviewed and updated is defined;] and following [events that would require the current system and information integrity policy to be reviewed and updated are defined;] ; and
- 2: Procedures [the frequency at which the current system and information integrity procedures are reviewed and updated is defined;] and following [events that would require the system and information integrity procedures to be reviewed and updated are defined;].