Navigate

CCI-001218

CCI-001218 Definition

The organization disseminates the system and information integrity policy to organization-defined personnel or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD disseminates DoDI 8510.01 via the DoD Issuances website (http://www.dtic.mil/whs/directives/corres/dir.html) that meets the DoD requirement for a system and information integrity policy. DoD Components are automatically compliant with this CCI because they are covered by the DoD level policy, Risk Management Framework (RMF) for DoD IT (DoDI 8510.01).

Validation Procedures

Documenting and implementing the Risk Management Framework (RMF) for DoD IT (DoDI 8510.01) meets the DoD requirement for a system and information integrity policy. DoD Components are automatically compliant with this CCI because they are covered by the DoD level policy, Risk Management Framework (RMF) for DoD IT (DoDI 8510.01).

Compelling Evidence

Automatically compliant per DoDI 8501.01.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001218.

Control	Description
SI-1	The organization: SI-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: SI-1a.1.: A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and SI-1a.2.: Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and SI-1b.: Reviews and updates the current: SI-1b.1.: System and information integrity policy [Assignment: organization-defined frequency]; and SI-1b.2.: System and information integrity procedures [Assignment: organization-defined frequency].

Control

Description

SI-1

The organization:

SI-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- SI-1a.1.: A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- SI-1a.2.: Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and

SI-1b.: Reviews and updates the current:
- SI-1b.1.: System and information integrity policy [Assignment: organization-defined frequency]; and
- SI-1b.2.: System and information integrity procedures [Assignment: organization-defined frequency].