Navigate

CCI-001268

CCI-001268 Definition

The organization defines a list of least-disruptive actions to be taken by the information system to terminate suspicious events.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents a list of least-disruptive actions to be taken by the information system to terminate suspicious events. DoD has determined the least-disruptive actions are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented list of least-disruptive actions to ensure the organization being inspected/assessed defines a list of least-disruptive actions to be taken by the information system to terminate suspicious events. DoD has determined the least-disruptive actions are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated system security plan defines a list of least-disruptive actions to be taken by the information system to terminate suspicious events.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001268.

Control	Description
SI-4 (7)	The information system notifies [Assignment: organization-defined incident response personnel (identified by name and/or by role)] of detected suspicious events and takes [Assignment: organization-defined least-disruptive actions to terminate suspicious events].