CCI-002278

The organization defines security attributes for which the association and integrity to organization-defined subjects and objects is maintained by the information system.

Implementation Guidance

he organization being inspected/assessed defines and documents the security attributes for which the association and integrity to organization-defined subjects and objects is maintained by the information system DoD has determined the security attributes are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security attributes to ensure the organization being inspected/assessed defines the security attributes for which the association and integrity to organization-defined subjects and objects is maintained by the information system. DoD has determined the security attributes are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated documentation that defines the security attributes for which the association and integrity to organization-defined subjects and objects is maintained by the information system

The controls below (if any) were marked by NIST as being related to CCI-002278.