Navigate

CCI-002295

CCI-002295 Definition

The organization allows personnel to associate organization-defined security attributes with organization-defined subjects in accordance with organization-defined security policies.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process requiring personnel to associate security attributes defined in AC-16 (6), CCI 2292 with subjects defined in AC-16 (6), CCI 2293 in accordance with security policies defined in AC-16 (6), CCI 2291.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed requires personnel to associate security attributes defined in AC-16 (6), CCI 2292 with subjects defined in AC-16 (6), CCI 2293 in accordance with security policies defined in AC-16 (6), CCI 2291.

DISA Compelling Evidence

1) View signed and dated documentation. 2) Examine and validate that the documentation describes how the site requires personnel to associate security attributes defined in AC-16 (6), CCI 2292 with subjects defined in AC-16 (6), CCI 2293 in accordance with security policies defined in AC-16 (6), CCI 2291. 3) Verify that the site implements this process.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002295.

Control	Description
AC-16 (6)	The organization allows personnel to associate, and maintain the association of [Assignment: organization-defined security attributes] with [Assignment: organization-defined subjects and objects] in accordance with [Assignment: organization-defined security policies].