Navigate

CCI-000232

CCI-000232 Definition

Document and provide supporting rationale in the security plan for the system, user actions not requiring identification and authentication.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents supporting rationale in the security plan for the actions defined in AC-14, CCI 61 to not require identification and authentication.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the security plan to ensure the organization being inspected/assessed documents the supporting rationale for the actions defined in AC-14, CCI 61 to not require identification and authentication.

Compelling Evidence

1.) Signed and dated documentation that defines the supporting rationale in the security plan for the actions defined in AC-14, CCI 61 to not require identification and authentication.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000232.

Control	Description
AC-14	The organization: a: Identifies [one of ] that can be performed on the information system without identification or authentication consistent with organizational missions/business functions; and b: Documents and provides supporting rationale in the security plan for the information system, user actions not requiring identification or authentication.