CCI-002259

The organization defines security attribute values associated with organization-defined types of security attributes for information in storage.

Implementation Guidance

The organization being inspected/assessed defines and documents the security attributes values associated with organization-defined types of security attributes for information in storage. DoD has determined the security attribute values are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security attribute values to ensure the organization being inspected/assessed defines security attribute values associated with organization-defined types of security attributes for information in storage. DoD has determined the security attribute values are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated documentation that defines the security attributes values associated with organization-defined types of security attributes for information in storage.

The controls below (if any) were marked by NIST as being related to CCI-002259.