CCI-002127
CCI-002127 Definition
Authorize access to the system based on intended system usage.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed authorizes access to the information system based on intended system usage. The organization being inspected/assessed maintains an audit trail of approved access.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the audit trail of approved access to ensure the organization being inspected/assessed authorizes access to the information system based on intended system usage.
Compelling Evidence
1.) Signed and dated system security plan (SSP), referencing section which defines intended system usage. 2.) Audit trail of approved access.