CCI-002100

Perform security compliance checks on constituent components prior to the establishment of the internal connection.

Implementation Guidance

Determine if: - security compliance checks are performed on constituent system components prior to the establishment of the internal connection. - privacy compliance checks are performed on constituent system components prior to the establishment of the internal connection.

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; access control policy; procedures addressing system connections; system and communications protection policy; system design documentation; system configuration settings and associated documentation; list of components or classes of components authorized as internal system connections; assessment report; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for developing, implementing, or authorizing internal system connections; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms supporting compliance checks].

The controls below (if any) were marked by NIST as being related to CCI-002100.