Navigate

CCI-001907

CCI-001907 Definition

The organization defines the security domains which will require the information system validate the binding of the information reviewer identity to the information at the transfer or release points prior to release/transfer.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the security domains which require the information system validate the binding of the information reviewer identity to the information at the transfer or release points prior to release/transfer. DoD has determined the security domains are not appropriate to define at the Enterprise level. Note: Security domain as defined by CNSSI 4009.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security domains to ensure the organization being inspected/assessed defines the security domains which require the information system validate the binding of the information reviewer identity to the information at the transfer or release points prior to release/transfer. DoD has determined the security domains are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated audit and accountability policy 2.) Applicable STIG/SRG checks

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001907.

Control	Description
AU-10 (4)	The information system: AU-10 (4)(a): Validates the binding of the information reviewer identity to the information at the transfer or release points prior to release/transfer between [Assignment: organization-defined security domains]; and AU-10 (4)(b): Performs [Assignment: organization-defined actions] in the event of a validation error.