CCI-002270

Defines the attribute values or ranges permitted for each of the established security attributes.

Implementation Guidance

Determine if the following permitted attribute values or ranges for each of the established attributes are determined: [AC-16_ODP[09]; attribute values or ranges for established attributes are defined].

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing the association of security and privacy attributes to information in storage, in process, and in transmission; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security and privacy responsibilities; system developers]. Test: [SELECT FROM: Organizational capability supporting and maintaining the association of security and privacy attributes to information in storage, in process, and in transmission].

The controls below (if any) were marked by NIST as being related to CCI-002270.