CCI-001411

The organization defines security-relevant information to which the information system prevents access except during secure, non-operable system states.

Implementation Guidance

The organization being inspected/assessed defines and documents security-relevant information to which the information system prevents access except during secure, nonoperable system states. At a minimum, the security-relevant information shall include installing and updating crypto keys. DoD has determined the security-relevant information is not appropriate to define at the Enterprise level, but at a minimum, installing and updating crypto keys.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security-relevant information to ensure it has been defined and at a minimum, includes installing and updating crypto keys. DoD has determined the security-relevant information is not appropriate to define at the Enterprise level, but at a minimum, installing and updating crypto keys.

Compelling Evidence

1.) Signed and dated documentation that defines security-relevant information to which the information system prevents access except during secure, non-operable system states.

The controls below (if any) were marked by NIST as being related to CCI-001411.