Navigate

CCI-002295

CCI-002295 Definition

Require personnel to associate organization-defined security attributes with organization-defined subjects in accordance with organization-defined security policies.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process requiring personnel to associate security attributes defined in AC-16 (6), CCI 2292 with subjects defined in AC-16 (6), CCI 2293 in accordance with security policies defined in AC-16 (6), CCI 2291.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed requires personnel to associate security attributes defined in AC-16 (6), CCI 2292 with subjects defined in AC-16 (6), CCI 2293 in accordance with security policies defined in AC-16 (6), CCI 2291.

Compelling Evidence

1.) Signed and dated documentation describes how the site requires personnel to associate security attributes defined in AC-16 (6), CCI 2292 with subjects defined in AC-16 (6), CCI 2293 in accordance with security policies defined in AC-16 (6), CCI 2291.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002295.

Control	Description
AC-16(6)	The organization allows personnel to associate, and maintain the association of [one of ] with [one of ] in accordance with [one of ].