Navigate

CCI-002269

CCI-002269 Definition

The organization establishes the permitted organization-defined security attributes for organization-defined information systems.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed establishes and documents the permitted security attributes for all information systems as a subset of the security attributes defined in AC-16, CCI 2267. DoD has defined the information systems as all information systems.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented list of permitted security attributes to ensure the organization being inspected/assessed has established the list of permitted security attributes for all information systems as a subset of the security attributes defined in AC-16, CCI 2267. DoD has defined the information systems as all information systems.

DISA Compelling Evidence

1) View signed and dated documentation that defines the permitted security attributes for all information systems as a subset of the security attributes defined in AC-16, CCI 2267.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002269.

Control	Description
AC-16	The organization: AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission; AC-16b.: Ensures that the security attribute associations are made and retained with the information; AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.

Control

Description

AC-16

The organization:

AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission;

AC-16b.: Ensures that the security attribute associations are made and retained with the information;

AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and

AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.