CCI-002301

The organization defines the level of assurance to be provided when implementing organization-defined techniques or technologies in associating security attributes to information.

Implementation Guidance

The organization being inspected/assessed defines and documents the level of assurance to be provided when implementing organization-defined techniques or technologies in associating security attributes to information. DoD has determined the level of assurance is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented level of assurance to ensure the organization being inspected/assessed defines the level of assurance to be provided when implementing organization-defined techniques or technologies in associating security attributes to information. DoD has determined the level of assurance is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated documentation that describes how the site defines the level of assurance that to be provided when implementing organization-defined techniques or technologies in associating security attributes to information.

The controls below (if any) were marked by NIST as being related to CCI-002301.