Navigate

CCI-001285

CCI-001285 Definition

The organization receives information system security alerts, advisories, and directives from organization-defined external organizations on an ongoing basis.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed receives information system security alerts, advisories, and directives from at a minimum, USCYBERCOM on an ongoing basis. DoD has defined the external organizations as at a minimum, USCYBERCOM.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines alerts, advisories, and directives received by the organization being inspected/assessed to ensure they receive information system security alerts, advisories, and directives from at a minimum, USCYBERCOM on an ongoing basis. DoD has defined the external organizations as at a minimum, USCYBERCOM.

Compelling Evidence

1.) Signed and dated System security plan with reference to section that pertains to external sources for receiving security notifications (i.e. USCYBERCOM), personnel receiving it and frequency of information dissemination. 2.) Log of notifications from external sources.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001285.

Control	Description
SI-5	The organization: SI-5a.: Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis; SI-5b.: Generates internal security alerts, advisories, and directives as deemed necessary; SI-5c.: Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and SI-5d.: Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

Control

Description

SI-5

The organization:

SI-5a.: Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis;

SI-5b.: Generates internal security alerts, advisories, and directives as deemed necessary;

SI-5c.: Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and

SI-5d.: Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.