CCI-001289

Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.

Implementation Guidance

The organization being inspected/assessed implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

Validation Procedures

The organization conducting the inspection/assessment examines the information system and obtains and examines records of compliance and/or non-compliance reporting to ensure that security directives have been implemented in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

Compelling Evidence

1.) Signed and dated System security plan documents how it implements security directives within established time frames (this includes documenting the time frames by severity level) and defines how it notifies organization issuing the security directives of noncompliance.

The controls below (if any) were marked by NIST as being related to CCI-001289.