CCI-002352

The organization defines the information systems that are to be recipients of organization-defined access authorization information using organization-defined security safeguards.

Implementation Guidance

The organization being inspected/assessed defines and documents the information systems that are to be recipients of organization-defined access authorization information using organization-defined security safeguards. DoD has determined the information systems are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented information systems to ensure the organization being inspected/assessed defines the information systems that are to be recipients of organization-defined access authorization information using organization-defined security safeguards. DoD has determined the information systems are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated access control policy and/or standard operating procedure (SOP) or system security plan (SSP) that defines the security safeguards to be employed when transmitting organization-defined access authorization information to organization-defined information systems that enforce access control decisions

The controls below (if any) were marked by NIST as being related to CCI-002352.