Navigate

CCI-002257

CCI-002257 Definition

The organization defines security attributes having organization-defined types of security attribute values which are associated with information in process.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the security attributes having organization-defined types of security attribute values which are associated with information in process. DoD has determined the security attributes are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security attributes to ensure the organization being inspected/assessed defines security attributes having organization-defined types of security attribute values process. DoD has determined the security attributes are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated documentation that defines the security attributes having organization-defined types of security attribute values which are associated with information in process.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002257.

Control	Description
AC-16	The organization: AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission; AC-16b.: Ensures that the security attribute associations are made and retained with the information; AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.

Control

Description

AC-16

The organization:

AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission;

AC-16b.: Ensures that the security attribute associations are made and retained with the information;

AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and

AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.