CCI-002341

Defines the information sharing restrictions to be enforced when implementing information search and retrieval services.

Implementation Guidance

Determine if information search and retrieval services that enforce [AC-21(02)_ODP; information-sharing restrictions to be enforced by information search and retrieval services are defined] are implemented.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing user-based collaboration and information sharing (including restrictions); system design documentation; system configuration settings and associated documentation; system-generated list of access restrictions regarding information to be shared; information search and retrieval records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with access enforcement responsibilities for system search and retrieval services; system/network administrators; organizational personnel with information security responsibilities; system developers]. Test: [SELECT FROM: System search and retrieval services enforcing information-sharing restrictions].

The controls below (if any) were marked by NIST as being related to CCI-002341.