Navigate

CCI-000149

CCI-000149 Definition

The organization reports any findings to organization-defined personnel or roles for indications of organization-defined inappropriate or unusual activity.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process for reporting any findings of inappropriate or unusual activity as defined in AU-6, CCI 1862 to at a minimum, the ISSO and ISSM. DoD has defined the personnel or roles as at a minimum, the ISSO and ISSM.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process for reporting findings as well as a sampling of historical reports to ensure the organization being inspected/assessed reports any findings of inappropriate or unusual activity as defined in AU-6, CCI 1862 to at a minimum, the ISSO and ISSM. DoD has defined the personnel or roles as at a minimum, the ISSO and ISSM.

Compelling Evidence

1.) Document that provides the process that is used to report any findings to organization-defined personnel or roles

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000149.

Control	Description
AU-6	The organization: AU-6a.: Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity]; and AU-6b.: Reports findings to [Assignment: organization-defined personnel or roles].