Navigate

CCI-001411

CCI-001411 Definition

Defines security-relevant information to which the system prevents access except during secure, non-operable system states.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if access to [AC-03(05)_ODP; security-relevant information to which access is prevented except during secure, non-operable system states is defined] is prevented except during secure, non-operable system states.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing access enforcement; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with access enforcement responsibilities; system/network administrators; organizational personnel with information security responsibilities; system developers]. Test: [SELECT FROM: Mechanisms preventing access to security-relevant information within the system].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001411.

Control	Description
AC-3(5)	Prevent access to [security-relevant information to which access is prevented except during secure, non-operable system states is defined;] except during secure, non-operable system states.