CCI-002163
CCI-002163 Definition
Defines the discretionary access control policies the information system is to enforce over subjects and objects.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed defines and documents the discretionary access control policies the information system is to enforce over subjects and objects. DoD has determined that the discretionary access control policies are not appropriate to define at the Enterprise level.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented access control policies to ensure they have been defined. DoD has determined that the discretionary access control policies are not appropriate to define at the Enterprise level.
Compelling Evidence
1.) Signed and dated documentation which defines the discretionary access control policies the information system is to enforce over subjects and objects.