Navigate

CCI-000002

CCI-000002 Definition

The organization disseminates the access control policy to organization-defined personnel or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed disseminates via an information sharing capability to all personnel. DoD has defined the personnel or roles as all personnel.

Validation Procedures

The organization conducting the inspection/assessment examines the access control policy via the organization's information sharing capability to ensure the organization being inspected/assessed disseminates the policy to all personnel. DoD has defined the personnel or roles as all personnel.

Compelling Evidence

1.) Signed and dated copy of access control policy. 2.) Documented procedures for ensuring proper dissemination of policy to all organization-defined personnel and roles.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000002.

Control	Description
AC-1	The organization: AC-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: AC-1a.1.: An access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and AC-1a.2.: Procedures to facilitate the implementation of the access control policy and associated access controls; and AC-1b.: Reviews and updates the current: AC-1b.1.: Access control policy [Assignment: organization-defined frequency]; and AC-1b.2.: Access control procedures [Assignment: organization-defined frequency].

Control

Description

AC-1

The organization:

AC-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- AC-1a.1.: An access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- AC-1a.2.: Procedures to facilitate the implementation of the access control policy and associated access controls; and

AC-1b.: Reviews and updates the current:
- AC-1b.1.: Access control policy [Assignment: organization-defined frequency]; and
- AC-1b.2.: Access control procedures [Assignment: organization-defined frequency].