CCI-002267

Implementation Guidance

Determine if: - the following permitted security attributes are established from the attributes defined in AC-16_ODP[01] for [AC-16_ODP[05]; systems for which permitted security attributes are to be established are defined]: [AC-16_ODP[07]; security attributes defined as part of AC-16a that are permitted for systems are defined]. - the following permitted privacy attributes are established from the attributes defined in AC-16_ODP[02] for [AC-16_ODP[06]; systems for which permitted privacy attributes are to be established are defined]: [AC-16_ODP[08]; privacy attributes defined as part of AC-16a that are permitted for systems are defined].

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing the association of security and privacy attributes to information in storage, in process, and in transmission; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security and privacy responsibilities; system developers]. Test: [SELECT FROM: Organizational capability supporting and maintaining the association of security and privacy attributes to information in storage, in process, and in transmission].