CCI-002264

Provide the means to associate organization-defined types of security attributes having organization-defined security attribute values with information in transmission.

Implementation Guidance

Determine if: - the means to associate [AC-16_ODP[01]; types of security attributes to be associated with information security attribute values for information in storage, in process, and/or in transmission are defined] with [AC-16_ODP[03]; security attribute values for types of security attributes are defined] for information in storage, in process, and/or in transmission are provided. - the means to associate [AC-16_ODP[02]; types of privacy attributes to be associated with privacy attribute values for information in storage, in process, and/or in transmission are defined] with [AC-16_ODP[04]; privacy attribute values for types of privacy attributes are defined] for information in storage, in process, and/or in transmission are provided.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing the association of security and privacy attributes to information in storage, in process, and in transmission; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security and privacy responsibilities; system developers]. Test: [SELECT FROM: Organizational capability supporting and maintaining the association of security and privacy attributes to information in storage, in process, and in transmission].

The controls below (if any) were marked by NIST as being related to CCI-002264.