CCI-001286

Implementation Guidance

The organization being inspected/assessed documents and implements a process to generate internal security alerts, advisories, and directives as deemed necessary.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines documented process as well as the generated internal security alerts, advisories, and directives to ensure the organization being inspected/assessed generates internal security alerts, advisories, and directives as deemed necessary.

Compelling Evidence

1.) Signed and dated System security plan defines how it generates internal security notifications (what sources are used as the basis) and who it is distributed to. 2.) Sample of notification. 3.) List of personnel to be notified.