Navigate

CCI-002318

CCI-002318 Definition

The organization defines the operational needs for when access to security-relevant information via remote access is to be authorized.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the operational needs when access to security-relevant information via remote access is to be authorized. DoD has determined the operational needs are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented operational needs to ensure the organization being inspected/assessed defines the operational needs when access to security-relevant information via remote access is to be authorized. DoD has determined the operational needs are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated access control policy, which defines the operational needs when access to security-relevant information via remote access is to be authorized. 2.) Signed and dated system security plan (SSP) 3.) Signed and dated privileged user agreement

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002318.

Control	Description
AC-17 (4)	The organization: AC-17 (4)(a): Authorizes the execution of privileged commands and access to security-relevant information via remote access only for [Assignment: organization-defined needs]; and AC-17 (4)(b): Documents the rationale for such access in the security plan for the information system.