CCI-001287

The organization disseminates security alerts, advisories, and directives to organization-defined personnel or roles, organization-defined elements within the organization, and/or organization-defined external organizations.

Implementation Guidance

The organization being inspected/assessed disseminates security alerts, advisories, and directives to the ISSO and ISSM and/or external organizations defined in SI-5, CCI 2694. DoD has defined the personnel or roles as the ISSO and ISSM.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines any applicable artifacts showing dissemination of security alerts, advisories, and directives to ensure the organization being inspected/assessed disseminates security alerts, advisories, and directives to the ISSO and ISSM and/or external organizations defined in SI-5, CCI 2694. DoD has defined the personnel or roles as the ISSO and ISSM.

Compelling Evidence

1.) Signed and dated System security plan documents which organization defined personnel and elements are authorized to receive security notifications, as well as what external organizations/personnel are authorized to receive them. 2.) Communication logs.

The controls below (if any) were marked by NIST as being related to CCI-001287.