CCI-001414
CCI-001414 Definition
Status | |
Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if approved authorizations are enforced for controlling the flow of information within the system and between connected systems based on [AC-04_ODP; information flow control policies within the system and between connected systems are defined].
Validation Procedures
Examine: [SELECT FROM: Access control policy; information flow control policies; procedures addressing information flow enforcement; security architecture documentation; privacy architecture documentation; system design documentation; system configuration settings and associated documentation; system baseline configuration; list of information flow authorizations; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security and privacy architecture development responsibilities; organizational personnel with information security and privacy responsibilities; system developers]. Test: [SELECT FROM: Mechanisms implementing information flow enforcement policy].