Navigate

CCI-001739

CCI-001739 Definition

The organization issues organization-defined information systems, system components, or devices with organization-defined configurations to individuals traveling to locations the organization deems to be of significant risk.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed issues information systems, system components, or devices as defined in CM-2 (7) CCI 1737 with configurations as defined in CM-2 (7) CCI 1738 to individuals traveling to locations the organization deems to be of significant risk.

Validation Procedures

The organization conducting the inspection/assessment interviews organizational personnel with configuration management responsibilities to ensure that individuals traveling to locations that the organization deems to be of significant risk are issued information systems, system components, or devices as defined in CM-2 (7) CCI 1737 with configurations as defined in CM-2 (7) CCI 1738.

Compelling Evidence

1.) Signed and dated remote access policy and procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001739.

Control	Description
CM-2 (7)	The organization: CM-2 (7)(a): Issues [Assignment: organization-defined information systems, system components, or devices] with [Assignment: organization-defined configurations] to individuals traveling to locations that the organization deems to be of significant risk; and CM-2 (7)(b): Applies [Assignment: organization-defined security safeguards] to the devices when the individuals return.