Navigate

CCI-001908

CCI-001908 Definition

The organization defines the action the information system is to perform in the event of an information reviewer identity binding validation error.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the actions the information system is to perform in the event of a information reviewer identity binding validation error. At a minimum, the actions must include alerting the data/information owner of a validation error on a reviewers identity. DoD has determined that all actions are not appropriate to define at the Enterprise level. At a minimum, the actions must include alerting the data/information owner of a validation error on a reviewers identity.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented actions to ensure the organization being inspected/assessed defines the actions the information system is to perform in the event of a information reviewer identity binding validation error. At a minimum, the actions must include alerting the data/information owner of a validation error on a reviewers identity. DoD has determined that all actions are not appropriate to define at the Enterprise level. At a minimum, the actions must include alerting the data/information owner of a validation error on a reviewers identity.

Compelling Evidence

1.) Signed and dated audit and accountability policy 2.) Applicable STIG/SRG checks

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001908.

Control	Description
AU-10 (4)	The information system: AU-10 (4)(a): Validates the binding of the information reviewer identity to the information at the transfer or release points prior to release/transfer between [Assignment: organization-defined security domains]; and AU-10 (4)(b): Performs [Assignment: organization-defined actions] in the event of a validation error.