CCI-002202

The organization defines the policy-relevant subcomponents into which information being transferred between different security domains is to be decomposed for submission to policy enforcement mechanisms.

Implementation Guidance

The organization being inspected/assessed defines and documents the policy relevant subcomponents into which information being transferred between different security domains is to be decomposed into for submission to policy enforcement mechanisms. DoD has determined the policy-relevant subcomponents are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented policy-relevant subcomponents to ensure the organization being inspected/assessed defines the policy relevant subcomponents into which information being transferred between different security domains is to be decomposed into for submission to policy enforcement mechanisms. DoD has determined the policy-relevant subcomponents are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated documentation that defines the policy relevant subcomponents into which information being transferred between different security domains is to be decomposed into for submission to policy enforcement mechanisms.

The controls below (if any) were marked by NIST as being related to CCI-002202.