Navigate

CCI-002231

CCI-002231 Definition

Reassign or remove privileges, if necessary, to correctly reflect organizational mission and business needs.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to reassign or remove privileges, if necessary, to correctly reflect organizational mission/business needs.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed reassigns or removes privileges, if necessary, to correctly reflect organizational mission/business needs.

Compelling Evidence

1.) Signed and dated documentation that defines the process to reassign or remove privileges, if necessary, to correctly reflect organizational mission/business needs. 2.) Applicable STIG/SRG checks.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002231.

Control	Description
AC-6(7)	The organization: (a): Reviews [organization-defined frequency] the privileges assigned to [organization-defined roles or classes of users] to validate the need for such privileges; and (b): Reassigns or removes privileges, if necessary, to correctly reflect organizational mission/business needs.