Navigate

CCI-002204

CCI-002204 Definition

The organization defines a security policy which prohibits the transfer of unsanctioned information between different security domains.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents security policy which prohibits the transfer of unsanctioned information between different security domains. DoD has determined the security policy is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security policy to ensure the organization being inspected/assessed defines security policy which prohibits the transfer of unsanctioned information between different security domains. DoD has determined the security policy is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated documentation that defines the security policy which prohibits the transfer of unsanctioned information between different security domains.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002204.

Control	Description
AC-4 (15)	The information system, when transferring information between different security domains, examines the information for the presence of [Assignment: organized-defined unsanctioned information] and prohibits the transfer of such information in accordance with the [Assignment: organization-defined security policy].