CCI-002297

The organization allows personnel to maintain the association of organization-defined security attributes with organization-defined subjects in accordance with organization-defined security policies.

Implementation Guidance

The organization being inspected/assessed documents and implements a process requiring personnel to maintain the association of security attributes defined in AC-16 (6), CCI 2292 with subjects defined in AC-16 (6), CCI 2293 in accordance with security policies defined in AC-16 (6), CCI 2291.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed requires personnel to maintain the association of security attributes defined in AC-16 (6), CCI 2292 with subjects defined in AC-16 (6), CCI 2293 in accordance with security policies defined in AC-16 (6), CCI 2291.

Compelling Evidence

1.) Signed and dated documentation that describes how the site requires personnel to maintain the association of security attributes defined in AC-16 (6), CCI 2292 with subjects defined in AC-16 (6), CCI 2293 in accordance with security policies defined in AC-16 (6), CCI 2291.

The controls below (if any) were marked by NIST as being related to CCI-002297.