CCI-002264
CCI-002264 Definition
Status | |
Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if: - the means to associate [AC-16_ODP[01]; types of security attributes to be associated with information security attribute values for information in storage, in process, and/or in transmission are defined] with [AC-16_ODP[03]; security attribute values for types of security attributes are defined] for information in storage, in process, and/or in transmission are provided. - the means to associate [AC-16_ODP[02]; types of privacy attributes to be associated with privacy attribute values for information in storage, in process, and/or in transmission are defined] with [AC-16_ODP[04]; privacy attribute values for types of privacy attributes are defined] for information in storage, in process, and/or in transmission are provided.
Validation Procedures
Examine: [SELECT FROM: Access control policy; procedures addressing the association of security and privacy attributes to information in storage, in process, and in transmission; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security and privacy responsibilities; system developers]. Test: [SELECT FROM: Organizational capability supporting and maintaining the association of security and privacy attributes to information in storage, in process, and in transmission].