Navigate

CCI-001908

CCI-001908 Definition

Defines the action the system is to perform in the event of an information reviewer identity binding validation error.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if [AU-10(04)_ODP[02]; actions to be performed in the event of a validation error are defined] are performed in the event of a validation error.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; procedures addressing non-repudiation; system design documentation; system configuration settings and associated documentation; validation records; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information security and privacy responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: Mechanisms implementing non-repudiation capability].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001908.

Control	Description
AU-10(4)	(a): Validate the binding of the information reviewer identity to the information at the transfer or release points prior to release or transfer between [security domains for which the binding of the information reviewer identity to the information is to be validated at transfer or release are defined;] ; and (b): Perform [actions to be performed in the event of a validation error are defined;] in the event of a validation error.

Control

Description

AU-10(4)

(a): Validate the binding of the information reviewer identity to the information at the transfer or release points prior to release or transfer between [security domains for which the binding of the information reviewer identity to the information is to be validated at transfer or release are defined;] ; and

(b): Perform [actions to be performed in the event of a validation error are defined;] in the event of a validation error.