Navigate

CCI-000232

CCI-000232 Definition

The organization documents and provides supporting rationale in the security plan for the information system, user actions not requiring identification and authentication.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents supporting rationale in the security plan for the actions defined in AC-14, CCI 61 to not require identification and authentication.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the security plan to ensure the organization being inspected/assessed documents the supporting rationale for the actions defined in AC-14, CCI 61 to not require identification and authentication.

Compelling Evidence

1.) Signed and dated documentation that defines the supporting rationale in the security plan for the actions defined in AC-14, CCI 61 to not require identification and authentication.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000232.

Control	Description
AC-14	The organization: AC-14a.: Identifies [Assignment: organization-defined user actions] that can be performed on the information system without identification or authentication consistent with organizational missions/business functions; and AC-14b.: Documents and provides supporting rationale in the security plan for the information system, user actions not requiring identification or authentication.

Control

Description

AC-14

The organization:

AC-14a.: Identifies [Assignment: organization-defined user actions] that can be performed on the information system without identification or authentication consistent with organizational missions/business functions; and

AC-14b.: Documents and provides supporting rationale in the security plan for the information system, user actions not requiring identification or authentication.