CCI-000170

The organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to organizational operations and assets, individuals, other organizations, and the Nation.

Implementation Guidance

DoDI 8510.01 and the Knowledge Service meet the DoD requirements to maintain a process to document the remedial information security actions that mitigate risk to organizational operations and assets, individuals, other organizations, and the Nation. DoD Components are automatically compliant with this CCI because they are covered by the DoD level policy, DoDI 8510.01 and the Knowledge Service.

Validation Procedures

DoDI 8510.01 and the Knowledge Service meet the DoD requirements to maintain a process to document the remedial information security actions that mitigate risk to organizational operations and assets, individuals, other organizations, and the Nation. DoD Components are automatically compliant with this CCI because they are covered by the DoD level policy, DoDI 8510.01 and the Knowledge Service.

Compelling Evidence

Automatically compliant per DoDI 8510.01.

The controls below (if any) were marked by NIST as being related to CCI-000170.