CCI-002269

The organization establishes the permitted organization-defined security attributes for organization-defined information systems.

Implementation Guidance

The organization being inspected/assessed establishes and documents the permitted security attributes for all information systems as a subset of the security attributes defined in AC-16, CCI 2267. DoD has defined the information systems as all information systems.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented list of permitted security attributes to ensure the organization being inspected/assessed has established the list of permitted security attributes for all information systems as a subset of the security attributes defined in AC-16, CCI 2267. DoD has defined the information systems as all information systems.

Compelling Evidence

1.) Signed and dated documentation that defines the permitted security attributes for all information systems as a subset of the security attributes defined in AC-16, CCI 2267.

The controls below (if any) were marked by NIST as being related to CCI-002269.