Navigate

CCI-002267

CCI-002267 Definition

The organization defines the security attributes that are permitted for organization-defined information systems.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the security attributes as the security attributes defined in AC-16, CCIs 2256-2258.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the security attributes as the security attributes defined in AC-16, CCIs 2256-2258.

Compelling Evidence

Automatically compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002267.

Control	Description
AC-16	The organization: AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission; AC-16b.: Ensures that the security attribute associations are made and retained with the information; AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.

Control

Description

AC-16

The organization:

AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission;

AC-16b.: Ensures that the security attribute associations are made and retained with the information;

AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and

AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.