CCI-000002

Disseminate the organization-level; mission/business process-level; and/or system-level access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance to organization-defined personnel or roles.

Implementation Guidance

The organization being inspected/assessed disseminates via an information sharing capability to all personnel. DoD has defined the personnel or roles as all personnel.

Validation Procedures

The organization conducting the inspection/assessment examines the access control policy via the organization's information sharing capability to ensure the organization being inspected/assessed disseminates the policy to all personnel. DoD has defined the personnel or roles as all personnel.

Compelling Evidence

1.) Signed and dated copy of access control policy. 2.) Documented procedures for ensuring proper dissemination of policy to all organization-defined personnel and roles.

The controls below (if any) were marked by NIST as being related to CCI-000002.