CCI-001770
CCI-001770 Definition
Review and update the list of unauthorized software programs per organization-defined frequency.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to review and update the list of unauthorized software programs monthly. The organization must maintain an audit trail of the review and update activity. DoD has defined the frequency as monthly.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of reviews and updates to ensure that the organization being inspected/assessed reviews and updates the list of unauthorized software programs monthly. DoD has defined the frequency as monthly.
Compelling Evidence
1.) Signed and dated system security plan (SSP)