Navigate

CCI-002320

CCI-002320 Definition

The organization documents in the security plan for the information system the rationale for authorization of access to security-relevant information via remote access.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents in the security plan for the information system the rationale for authorization of access to security-relevant information via remote access.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the security plan to ensure the organization being inspected/assessed documents in the security plan for the information system the rationale for authorization of access to security-relevant information via remote access.

Compelling Evidence

1.) Signed and dated system security plan (SSP) that documents and identifies the rationale for authorization of access to security-relevant information via remote access.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002320.

Control	Description
AC-17 (4)	The organization: AC-17 (4)(a): Authorizes the execution of privileged commands and access to security-relevant information via remote access only for [Assignment: organization-defined needs]; and AC-17 (4)(b): Documents the rationale for such access in the security plan for the information system.