CCI-002350

The organization defines the access authorization information that is to be transmitted using organization-defined security safeguards to organization-defined information systems that enforce access control decisions.

Implementation Guidance

The organization being inspected/assessed defines and documents the access authorization information that is to be transmitted using organization-defined security safeguards to organization-defined information systems that enforce access control decisions. DoD has determined the access authorization information is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented access authorization information to ensure the organization being inspected/assessed defines the access authorization information that is to be transmitted using organization-defined security safeguards to organization-defined information systems that enforce access control decisions. DoD has determined the access authorization information is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated access control policy and/or standard operating procedure (SOP) or system security plan (SSP) that defines the access authorization information that is to be transmitted using organization-defined security safeguards to organization-defined information systems that enforce access control decisions.

The controls below (if any) were marked by NIST as being related to CCI-002350.