CCI-001680
CCI-001680 Definition
Develop an organization-wide information security program plan that includes the identification and assignment of roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
DoDI 8500.01 and the Knowledge Service meet the requirement for this CCI; individual organizations and system owners must provide documentation of common control implementation in their Security Plan.
Validation Procedures
DoD components are automatically compliant with this CCI as they are covered at the DoD level by DoDI 8500.01 and the Knowledge Service. If the organization or system owner is utilizing common controls they must be documented in their Security Plan.
Compelling Evidence
Automatically compliant per DoDI 8500.01.