Navigate

CCI-002285

CCI-002285 Definition

The organization identifies individuals (or processes acting on behalf of individuals) authorized to associate organization-defined security attributes with organization-defined subjects.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed identifies and documents individuals (or processes acting on behalf of individuals) authorized to associate security attributes defined in AC-16 (4), CCI 2288 with subjects defined in AC-16 (4), CCI 2286.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented individuals to ensure the organization being inspected/assessed identifies individuals (or processes acting on behalf of individuals) authorized to associate security attributes defined in AC-16 (4), CCI 2288 with subjects defined in AC-16 (4), CCI 2286.

Compelling Evidence

1.) Signed and dated documentation that defines the individuals (or processes acting on behalf of individuals) authorized to associate security attributes defined in AC-16 (4), CCI 2288 with subjects defined in AC-16 (4), CCI 2286.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002285.

Control	Description
AC-16(4)	The information system supports the association of [organization-defined security attributes] with [organization-defined subjects and objects] by authorized individuals (or processes acting on behalf of individuals).